Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Semiconductor equipment manufacturers are the beginning of the ICS supply chain. However, they use ICS that can be cyber vulnerable and have had ICS cyber incidents. ICS cyber security needs to be addressed across the entire supply chain.
The Singapore 2016 ICSS Cyber Security Summit had active government and industry participation. There was still a lack of understanding of ICS cyber security where even a major ICS vendor is still talking about security by obscurity. New issues with cyber security of plant safety system were raised.
The 2016 Business Insurance Risk Summit was a great opportunity for the insurance and risk managers to get an initial understanding of the issues associated with ICS cyber security and what it can mean to insurance risk.
The December 2015 Ukrainian hack can happen in the US despite the statements made to the contrary. DHS reiterates that BlackEnergy is in the US grid and that control systems should not be connected to the Internet.
George Cotter (formerly Chief Scientist for the National Security Agency) and I briefed the FERC Commissioners on cyber threats and cyber incidents affecting the grid. The cyber security regulations fail to include a requirement that utilities (or nuclear plants) remove malware found in their networks.
I will be giving the keynote presentation February 22nd in Washington DC at the National Academies of Science, Engineering, and Medicine Conference on Critical Infrastructure Security: The Role of Public-Private Partnerships.
Process instrumentation and other field devices generally have minimal cybersecurity protection but can have VERY significant impacts. Security researchers have demonstrated the ability to compromise these devices on wired and wireless networks.