Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
There is still a gap in cyber security at the process device level. May 28, 2019, two independent announcements affecting control system supply chain cyber security were made that taken together spell a lack of cyber security, safety, and resilience of all infrastructures including the electric grid.
The demonstrations and presentations at IOT World demonstrated that with AI and machine learning, it appears possible to provide real time machine health and remaining equipment life which has been a long-time dream. However, the IOT data analytics are based on untrusted data and this was not questioned.
I will be participating on a panel session May 21st in Washington at the National Association of Water Companies (NAWC) Cyber Security Conference ( https://www.cvent.com/c/express/da32b208-b6fa-43bd-bf19-6c18b4a2db27). The panel session is: “Industrial Control Systems - The soft underbelly of utility business and service operations”.
There is a need for cyber security conferences for control system engineers that focus on control systems and control system impacts. OT network cyber security and OT network cyber security conferences are important but still leave a gaping hole - the control system devices.
I attended the April 23rd Atlantic Council’s 8th Annual International Conference on Cyber Engagement. This was a policy, not technical, conference. As best as I could tell, there were very few “practicing” engineers that attended. The Atlantic Council should consider having more engineers participating to support the policy makers on...
Large electric transformers are critical to maintaining the grid. However, they are cyber vulnerable to long-term damage. Yet, the electric industry has not done near enough to address these critical vulnerabilities.
The agenda has been released for the Atlantic Council’s 8th Annual International Conference on Cyber Engagement April 23rd at the George Washington University Lisner Auditorium - https://www.atlanticcouncil.org/icce. I will be on a panel session “IoT & Operational Technology Cyber Implications”.
We need to rethink how we secure control systems in a holistic manner as control system cyber attacks have become more stealthy and dangerous - and less detectable. This includes appropriate control system cyber security policies, procedures, training, and technologies as some do not yet exist.
Sophisticated cyber attacks can be misidentified as malfunctions. This brings up the need for out-of-band sensor monitoring as an independent view of the process conditions from the potentially compromised IP networks. The current focus on IT/OT convergence rather than reaching out to engineering will continue to lead to “blind spots”...