It may not be possible to discriminate between cyber attacks, equipment malfunctions, or cyber attacks meant to look like equipment malfunctions. Consequently, the need to train the engineers and to monitor the sensors is becoming more critical as some of the most critical information to discriminate between these types of...
I did a podcast for Momenta Partners on Control Systems Cybersecurity: A Grim Gap - A Conversation with Joe Weiss - https://hubs.ly/H0gV0z_0. Given the lack of understanding I have a found at RSA this week on Level 0,1 control system field devices, this podcast is timely.
It is important to do a root cause analysis of a “malfunction” whether the incident was malicious (physical or cyber) or unintentional since you may not be able to tell the difference. The root cause team should include representatives from engineering as well as network security.
Here is the second part of a point blank decisive comprehensive list of what we really need to know in a detailed attempt to reduce the disparity between theory and practice. Please read, think and take to heart the opportunities to increase the performance and recognized value of our profession.
Hersh Shefrin is the Mario L. Belotti Professor of Finance from the Leavey School of Business at the University of Santa Clara. He wrote an article for Forbes – “Huawei And Facing Up To 5G-Related Cyber Risks” - https://www.forbes.com/sites/hershshefrin/2019/02/21/huawei-and-facing-up-to-5g-related-cyber-risks/#4132692f2672 .
I had conversations with the retired engineering managers from the ONLY TWO utilities that worked with DOD on installing and monitoring of the Aurora hardware mitigation devices. When I told them about the push back from industry on Aurora, they were dumbfounded and depressed.