Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
I did a podcast for Security Ledger on my thoughts about the recent hacking of Wolf Creek and other “ICS” facilities. The bottom line is the “means” exist for hacking control systems and causing damage. The question is the motive to do so. The podcast can be found at https://soundcloud.com/securityledger/joe-weiss-on-grid-attacks-and-critical-infrastructure-security.
Actuators, including motors and drives, control physical processes by monitoring sensors and adjusting pumps (motors), valves, fans, etc. When actuators don’t work as designed for malicious or unintentional reasons, equipment damage, injuries, and deaths can, and have been, a result.
Given the recent spate of cyber attacks including those against ICS applications, IIOT World ran the following blog on the need for IT and IOT convergence for IIOT applications - http://iiot-world.com/cybersecurity/industrial-cyber-security-why-it-ot-collaboration-is-no-longer-an-option-but-a-necessity/. The blog was co-authored by myself and Richard Ku from TrendMicro to illustrate the need for this convergence.
The ExxonMobil Open Group advanced controls initiative through The Open Group’s Open Process Automation Forum has some of the largest process controls companies in the world and their vendors participating. However, as of yet, no power utilities.
With ICSs, we are in a very uneven battle. ICSs were not made to be cyber secure and often cannot be upgraded to provide what many in the cyber security community would consider to be a minimal level of protection.
Tuesday June 13, 2017 I am giving a paper/presentation at the American Nuclear Society Conference in San Francisco on “The Implications of the Ukrainian Cyber Attacks to Nuclear Plants”. The paper will focus on the impact of compromising protective relays but will also touch on the cyber insecurity of process sensing.
The assumption that network anomaly detection is correlated to physical process anomalies is only true if there is a direct look into the “raw” process. However, network anomaly detection cannot address potential sensor anomalies that occur before the serial-to-Ethernet convertors leading to a false sense of security.
DoS is typically accomplished by flooding the targeted machine to overload systems and prevent some or all legitimate requests from being fulfilled. However, it does not matter if the service/system is shutdown by the attacker or by the end-user in response to the attacker– the system is still shut down.