The Russians have been in the US electric grids since at least 2014. The Defense Science Board stated the US critical infrastructure doesn’t have the ability to prevent damage. What is happening to provide resilience and recovery?
Two different fertility clinics on opposite sides of the country had almost simultaneous failures of their liquid nitrogen systems that appear to be process sensor-related and possibly cyber-related. What are the implications to these and other industries using liquid nitrogen?
I participated in the 2018 SINET Security Conference in Mt. View, CA. The agenda can be found at https://www.security-innovation.org/events/silicon/agenda/. There was a dearth of control system cyber discussions and a lack of control system cyber security understanding by many.
Here we look at applications where feedforward can do more harm than good and what to do to prevent this situation. This problem is more common than one might think. In the literature we mostly hear how beneficial feedforward can be for measured load disturbances.
I will be participating in a panel at the SINET Security Conference in Mt. View, CA Wednesday. The panel is “What Are The Emerging And Most Serious Threats Looming On The Horizon?” Our panel moderator is Brian White, Chief Operating Officer, RedOwl Analytics.
Enclosed is the link to my Defcon YouTube presentation on the lack of security of Level 0,1 devices - https://www.youtube.com/watch?v=UgvVaniZhsk. Considering this presentation elicited a “Like” from Iran (https://www.controlglobal.com/blogs/unfettered/the-iranians-know-about-the-lack-of-security-in-level-01-devices/), this presentation should be of interest and a call to action.
October 10, 2016, I wrote a blog: “The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack”. This was because NERC, DOE, and DHS had effectively ignored the 2015 attack as it was against the distribution system.
February 20, 2018, I participated in the taping of a Smithsonian History Channel program on Hidden American History at Berkeley Engineering and Research. The demonstration destructively damaged a large steel pipe. This damage can be done via cyber means.
Separating ICS cyber security safety risk from cyber security economic risk has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, the latest safety standards require ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards.
There continues to be significant misinformation about control system cyber security and critical infrastructure protection. Consequently, I am making my Texas A&M speech and presentation available here. I hope this opens some eyes.