Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
One of the last of the executive nuclear power pioneers that led the transition from navy nuclear plants to commercial nuclear power passed away. He also was aware that cyber security needed to be addressed.
Moody’s will incorporate cyber risk into its existing credit ratings. Moody's is considering a stand-alone cyber risk rating separate from the credit rank – this is expected to include control system cyber threats.
The lack of cyber security of sensors are a real, but unaddressed problem. There is an approach that can directly address reliability, safety, quality, and productivity. What does it take to wake people up before further catastrophic sensor-related failures occur?
Mike Assante wrote two blogs: You're Not Imagining It: Civilization is Flickering, part 1 and 2. Mike is saying is what I have been saying: network monitoring of control system networks is necessary but not sufficient.
My list of actual control system cyber incidents continues to grow with almost 1,100 incidents with more than 1,000 deaths, and more than $60Billion in direct damage. Unfortunately, there is still very little control system cyber forensics or training for the control system engineers to identify these types of incidents.
Little progress has been made on control system cyber security and its impacts on safety and reliability. That is, the focus has been on network anomaly detection not process anomaly detection. The recent Columbia Gas natural gas over-pressurization event demonstrates the need for process anomaly detection.
The September 13, 2018 Columbia Gas Low-pressure Natural Gas Distribution System pipeline explosions killed one-person, injured 28, and damaged 131 structures. This was not a malicious control system cyber event (though it could have been) but a tragic comedy of errors, lack of appropriate process sensor monitoring, lack of SCADA...
Network monitoring is necessary but not sufficient to cyber secure control systems and prevent long term equipment damage and is intractable. Making cyber security an engineering problem can make an intractable network problem tractable, prevent long term equipment damage, improve safety and reliability, and help in identifying impacts from supply...