Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
October 23rd, I will be giving the keynote on changing the paradigm of control system cyber security at EnergyTech in Cleveland. I will be speaking immediately after Moody’s Investor Services talks about cyber security and enterprise risk.
The report, “A Review of Cybersecurity Incidents in the Water Sector”, was published in the September 2019 issue of the Journal of Environmental Engineering. There are many technical gaps in the report. My concerns with these water cases are similar to gaps in other industries such as electric, oil/gas, and manufacturing.
Waterfall Security has released the podcast on my interview – “Three Networks – OT, OT, and Engineering” Podcast Episode #20. There have been many discussions about the IT/OT convergence but little about the need also to have engineering involved.
It is unacceptable to take almost 4 years to recognize there are engineering issues associated with a cyber attack intended to damage equipment. It is even more unacceptable that after almost 4 years, OT still doesn’t get it right.
Malicious cyber incidents affecting the US grid from compromising control system vendors as well as the utilities themselves have been on-going for more than 15 years. Yet, NERC refuses to call cyber incidents “cyber”.
I will be speaking at the 2019 GE Edge and Controls Symposium September 10-12, 2019 at GE Corporate R&D headquarters in Niskayuna, NY. There will be a focus on physical-cyber systems including control system cyber security.
It is important to train engineers and IT/OT and expand the scope from network threat hunting to include ICS incident hunting. Perhaps we as an industry could collaborate on this important, but missing, task.