Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
It is mid-2016. “SCADA security” or “ICS security” are now being used in many cyber security conversations. However, in most instances, ICS cyber security is still not being adequately understood or addressed.
Semiconductor equipment manufacturers are the beginning of the ICS supply chain. However, they use ICS that can be cyber vulnerable and have had ICS cyber incidents. ICS cyber security needs to be addressed across the entire supply chain.
The Singapore 2016 ICSS Cyber Security Summit had active government and industry participation. There was still a lack of understanding of ICS cyber security where even a major ICS vendor is still talking about security by obscurity. New issues with cyber security of plant safety system were raised.
The 2016 Business Insurance Risk Summit was a great opportunity for the insurance and risk managers to get an initial understanding of the issues associated with ICS cyber security and what it can mean to insurance risk.
The December 2015 Ukrainian hack can happen in the US despite the statements made to the contrary. DHS reiterates that BlackEnergy is in the US grid and that control systems should not be connected to the Internet.
George Cotter (formerly Chief Scientist for the National Security Agency) and I briefed the FERC Commissioners on cyber threats and cyber incidents affecting the grid. The cyber security regulations fail to include a requirement that utilities (or nuclear plants) remove malware found in their networks.