Cyber Command is recruiting U.S. energy companies as partners in developing and a new strategy. However, the utility personnel Cyber Command wants are the engineers that know how to operate power plants and substations. However, they generally have no cyber security training or responsibility.
It may not be possible to discriminate between cyber attacks, equipment malfunctions, or cyber attacks meant to look like equipment malfunctions. Consequently, the need to train the engineers and to monitor the sensors is becoming more critical as some of the most critical information to discriminate between these types of...
I did a podcast for Momenta Partners on Control Systems Cybersecurity: A Grim Gap - A Conversation with Joe Weiss - https://hubs.ly/H0gV0z_0. Given the lack of understanding I have a found at RSA this week on Level 0,1 control system field devices, this podcast is timely.
It is important to do a root cause analysis of a “malfunction” whether the incident was malicious (physical or cyber) or unintentional since you may not be able to tell the difference. The root cause team should include representatives from engineering as well as network security.
Here is the second part of a point blank decisive comprehensive list of what we really need to know in a detailed attempt to reduce the disparity between theory and practice. Please read, think and take to heart the opportunities to increase the performance and recognized value of our profession.