Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Process instrumentation and other field devices generally have minimal cybersecurity protection but can have VERY significant impacts. Security researchers have demonstrated the ability to compromise these devices on wired and wireless networks.
January 15, 2016, CyberWire published an interview with me on the implications of the Ukrainian power grid cyber attack and other current ICS cyber security issues - http://thecyberwire.com/interviews/interview_with-Joe-Weiss.html
The Journal of the Naval PostGraduate School Center for Homeland Defense and Security published an article assessing homeland security risks. The study does not adequately address control system cyber security.
Moody’s, S&P, and insurance companies are starting to consider cyber risk strongly implying the Board of Directors of industrial companies and ICS vendors can be expected to have to explicitly address ICS cyber security.
There is at least one control system vendor that has addressed cyber security as part of its initial design. I think it is important to acknowledge that it is possible to build a more secure control system from initial design that addresses known control system cyber vulnerabilities.
November 18 at 10am Pacific, Joe Weiss will be presenting a Bright Talk Webinar sponsored by Lockheed Martin – “ICS Cyber Incidents are Real but Not Being Identified” - https://www.brighttalk.com/search?q=ics.
Considering the vulnerabilities of our critical infrastructures as demonstrated by the red team exercise discussed at the 15th ICS Cyber Security Conference (an effectively NERC CIP-compliant utility being compromised within 30 minutes with no indication), the results of the ICS honeypots and other studies, the availability of ICS cyber exploits,...
The 15th ICS Cyber Security Conference showed that ICS cyber security is still a mixed bag. There were many attendees that actually understood ICS cyber security – progress! However, there were still many attendees that did not understand the specific ICS cyber security issues.