Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Two different fertility clinics on opposite sides of the country had almost simultaneous failures of their liquid nitrogen systems that appear to be process sensor-related and possibly cyber-related. What are the implications to these and other industries using liquid nitrogen?
I participated in the 2018 SINET Security Conference in Mt. View, CA. The agenda can be found at https://www.security-innovation.org/events/silicon/agenda/. There was a dearth of control system cyber discussions and a lack of control system cyber security understanding by many.
I will be participating in a panel at the SINET Security Conference in Mt. View, CA Wednesday. The panel is “What Are The Emerging And Most Serious Threats Looming On The Horizon?” Our panel moderator is Brian White, Chief Operating Officer, RedOwl Analytics.
Enclosed is the link to my Defcon YouTube presentation on the lack of security of Level 0,1 devices - https://www.youtube.com/watch?v=UgvVaniZhsk. Considering this presentation elicited a “Like” from Iran (https://www.controlglobal.com/blogs/unfettered/the-iranians-know-about-the-lack-of-security-in-level-01-devices/), this presentation should be of interest and a call to action.
October 10, 2016, I wrote a blog: “The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack.” This was because NERC, DOE, and DHS had effectively ignored the 2015 attack as it was against the distribution system.
February 20, 2018, I participated in the taping of a Smithsonian History Channel program on Hidden American History at Berkeley Engineering and Research. The demonstration destructively damaged a large steel pipe. This damage can be done via cyber means.
Separating ICS cyber security safety risk from cyber security economic risk has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, the latest safety standards require ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards.
There continues to be significant misinformation about control system cyber security and critical infrastructure protection. Consequently, I am making my Texas A&M speech and presentation available here. I hope this opens some eyes.
Wednesday, January 31st, 2018, I participated with Mocana on a webinar on the Hatman malware (Trisis – Triconex safety system) attack. The survey question responses from the webinar are the first time I have seen such a lack of confidence in firewalls and network filtering as well as such an...
January 25th, I gave the keynote to the Texas A&M Instrumentation & Automation Symposium. The attendees were primarily end-users, vendors, and consultant control and safety engineers from the chemical and energy industries. The lack of cyber security and authentication in Level 0,1 devices was new to almost all of the participants.