Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Separating ICS cyber security safety risk from cyber security economic risk has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, the latest safety standards require ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards.
There continues to be significant misinformation about control system cyber security and critical infrastructure protection. Consequently, I am making my Texas A&M speech and presentation available here. I hope this opens some eyes.
Wednesday, January 31st, 2018, I participated with Mocana on a webinar on the Hatman malware (Trisis – Triconex safety system) attack. The survey question responses from the webinar are the first time I have seen such a lack of confidence in firewalls and network filtering as well as such an...
January 25th, I gave the keynote to the Texas A&M Instrumentation & Automation Symposium. The attendees were primarily end-users, vendors, and consultant control and safety engineers from the chemical and energy industries. The lack of cyber security and authentication in Level 0,1 devices was new to almost all of the participants.
Wednesday, January 31st from 11:00am - 11:45am Pacific, I will be participating with Mocana on a webinar on the Hatman malware (Trisis) attack. Register for the webinar: https://www.brighttalk.com/channel/9609/mocana-corporation
I will be giving the keynote January 25th at the Texas A&M Instrumentation and Automation Symposium where I hope to publicize this issue to the control and safety engineers that attend the Symposium. I am also hoping the new Texas A&M brochure will be modified to better address ICS cyber security.
The Triconex safety systems and Stuxnet cyber attacks bear interesting similarities. Both were nation-state hacking of control system networks through operators’ Windows-based workstations to download alternate control system logic, affected safety systems that were connected to non-safety systems, and used hacking methodologies that can be applied to other ICS vendors.
The November 2017 Issue of Control magazine had a section entitled “Serious cybersecurity sources”. In it, they included Unfettered and mentioned it being 10 years old. This got me thinking about a timeline of important ICS cyber security first-of-a-kind events.