Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
I gave a presentation at the ISA Water/Wastewater Conference August 9th in Bethesda. As with the other conferences I have attended, the other cyber security presentations were on the network which is necessary, but not sufficient.
Addressing the cyber security of the sensors, not the Ethernet packets, has not been addressed by any industrial or DOD cyber security or safety standard. Monitoring of the electrical characteristics can’t prevent sensor integrity issues (hacking or unintentional impacts) but can identify changes which is more than we can do today.
I will be speaking August 9th at the ISA Water/Wastewater Conference in the cyber security track in Bethesda - http://isawwsymposium.com/program/program-schedule/. Like other conferences, I will be the only one speaking on sensors, not networks.
A US utility was compromised. The IP address and credentials for the cyber asset were posted on a Russian-based media site, and the cyber asset was subsequently infected with ransomware. The NERC CIP standards do not adequately address this problem.
Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats as utility-scale solar facilities can utilize hundreds of thousands of solar panels with little to no cyber security.
Network cyber security (IT and OT) is necessary, but NOT sufficient to secure control systems. Securing control systems require an engineering understanding of the systems and their impact, yet the engineers have not been adequately involved.
Juan Lopez from ORNL and I gave a presentation June 27th at the 2018 ISA Power Industry Division (POWID) Conference in Knoxville on cyber security of process sensors. As ISA POWID is an Instrumentation & Control conference, the lack of sensor discussions demonstrates the continuing gap between cyber security and operations.