Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
According to the Bitsight report, security ratings allow the electric utilities industry to accurately assess risk across their business ecosystem. However, cyber security ratings currently can’t address control system cyber security yet control systems are existential for any industrial organization.
The sensor ecosystem consists of sensors, sensor networks, alarm management, device management, etc. Sensors are the input to every process and the raw sensor data is instinctively trusted. IOT, Industry4.0, and digital transformation all assume the sensor ecosystem is uncompromised, authenticated, and correct which generally is not true.
NAWC held their first cyber security conference May 21, 2019 in Washington, DC. Similar to many of the industry-specific cyber security conferences I have attended, most of the conference addressed IT-related issues. However, the mix of control system/Operations experts with network security, regulatory, and risk provided valuable new insights to...
There is still a gap in cyber security at the process device level. May 28, 2019, two independent announcements affecting control system supply chain cyber security were made that taken together spell a lack of cyber security, safety, and resilience of all infrastructures including the electric grid.
The demonstrations and presentations at IOT World demonstrated that with AI and machine learning, it appears possible to provide real time machine health and remaining equipment life which has been a long-time dream. However, the IOT data analytics are based on untrusted data and this was not questioned.
I will be participating on a panel session May 21st in Washington at the National Association of Water Companies (NAWC) Cyber Security Conference ( https://www.cvent.com/c/express/da32b208-b6fa-43bd-bf19-6c18b4a2db27). The panel session is: “Industrial Control Systems - The soft underbelly of utility business and service operations”.
There is a need for cyber security conferences for control system engineers that focus on control systems and control system impacts. OT network cyber security and OT network cyber security conferences are important but still leave a gaping hole - the control system devices.
I attended the April 23rd Atlantic Council’s 8th Annual International Conference on Cyber Engagement. This was a policy, not technical, conference. As best as I could tell, there were very few “practicing” engineers that attended. The Atlantic Council should consider having more engineers participating to support the policy makers on...
Large electric transformers are critical to maintaining the grid. However, they are cyber vulnerable to long-term damage. Yet, the electric industry has not done near enough to address these critical vulnerabilities.