There is at least one control system vendor that has addressed cyber security as part of its initial design. I think it is important to acknowledge that it is possible to build a more secure control system from initial design that addresses known control system cyber vulnerabilities.
November 18 at 10am Pacific, Joe Weiss will be presenting a Bright Talk Webinar sponsored by Lockheed Martin – “ICS Cyber Incidents are Real but Not Being Identified” - https://www.brighttalk.com/search?q=ics.
Considering the vulnerabilities of our critical infrastructures as demonstrated by the red team exercise discussed at the 15th ICS Cyber Security Conference (an effectively NERC CIP-compliant utility being compromised within 30 minutes with no indication), the results of the ICS honeypots and other studies, the availability of ICS cyber exploits,...
The 15th ICS Cyber Security Conference showed that ICS cyber security is still a mixed bag. There were many attendees that actually understood ICS cyber security – progress! However, there were still many attendees that did not understand the specific ICS cyber security issues.
Marina Krotofil's presentation on hacking a chemical plant focused on the vulnerabilities of the process and control design. One of Marina's slides was about compromising operator displays by addressing sensor signal processing filters. An intentional change in the signal processing filter resulted in a nuclear plant operating in an unsafe...
The PG&E San Bruno natural gas pipeline rupture and the Volkswagen emissions scandal were ICS cyber incidents that put the respective corporations at risk and led to the resignation of the respective CEOs.
Not every ICS cyber vulnerability is critical. ICS cyber security should focus on what can affect ICS or system operation so the end-user can prioritize what threats are important to system reliability and safety.