Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
The American Association of Water Distribution & Management (AAWD&M) has a Video Module Series on critical infrastructure. Fellow speakers were from the California Water Resources Control Board, Appalachian State University, Alvaka Networks, and myself. My presentation discussed control system cyber security with a focus on water/wastewater facilities including selected water...
The focus of control systems is reliability, availability, productivity, and safety which is directly affected by field devices such as process sensors, actuators, and drives. Yet the focus of cyber security has been on networks and data. There is also a lack of understanding of control systems.
Unfortunately, the culture gap between the control system and network security communities is alive and well. Our systems might stand a chance when this culture gap is surmounted and both communities work together to maintain reliability and safety.
The focus of the ICSJWG presentations were on network considerations. Addressing cyber threats to the process sensors before they become Ethernet packets was not considered other than my presentation. Yet, this is a shortcut to compromising any safety system.
The lack of cyber security and authentication of Level 0,1 devices precludes adequate cyber security and safety. The threat is independent of vendor, industry, region, or application and therefore can be even more significant than Stuxnet.
Wednesday, April 4th from 11:00 am-11:45am Pacific, I will be participating in a webinar on “Endpoint Security Best Practices: Implementing the New Guidance from the Industrial Internet Consortium” with Dean Weber, CTO, and Keao Caindec, Vice President of Marketing for Mocana - Brighttalk: https://www.brighttalk.com/webcast/9609/309715
Good engineering principles and practices have been neglected when it comes to control system cyber security that not only affects cyber security but also safety. How can you perform a nuclear or non-nuclear (HazOp) safety analyses if you haven't adequately addressed the cyber-induced system interactions and cyber security at all...