Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
I attended the April 23rd Atlantic Council’s 8th Annual International Conference on Cyber Engagement. This was a policy, not technical, conference. As best as I could tell, there were very few “practicing” engineers that attended. The Atlantic Council should consider having more engineers participating to support the policy makers on...
Large electric transformers are critical to maintaining the grid. However, they are cyber vulnerable to long-term damage. Yet, the electric industry has not done nearly enough to address these critical vulnerabilities.
The agenda has been released for the Atlantic Council’s 8th Annual International Conference on Cyber Engagement April 23rd at the George Washington University Lisner Auditorium - https://www.atlanticcouncil.org/icce. I will be on a panel session “IoT & Operational Technology Cyber Implications”.
We need to rethink how we secure control systems in a holistic manner as control system cyber attacks have become more stealthy and dangerous - and less detectable. This includes appropriate control system cyber security policies, procedures, training, and technologies as some do not yet exist.
Sophisticated cyber attacks can be misidentified as malfunctions. This brings up the need for out-of-band sensor monitoring as an independent view of the process conditions from the potentially compromised IP networks. The current focus on IT/OT convergence rather than reaching out to engineering will continue to lead to “blind spots”...
Cyber Command is recruiting U.S. energy companies as partners in developing a new strategy. However, the utility personnel Cyber Command wants are the engineers that know how to operate power plants and substations. However, they generally have no cyber security training or responsibility.
It may not be possible to discriminate between cyber attacks, equipment malfunctions, or cyber attacks meant to look like equipment malfunctions. Consequently, the need to train the engineers and to monitor the sensors is becoming more critical as some of the most critical information to discriminate between these types of...
I did a podcast for Momenta Partners on Control Systems Cybersecurity: A Grim Gap - A Conversation with Joe Weiss - https://hubs.ly/H0gV0z_0. Given the lack of understanding I have found at RSA this week on Level 0,1 control system field devices, this podcast is timely.
It is important to do a root cause analysis of a “malfunction” whether the incident was malicious (physical or cyber) or unintentional since you may not be able to tell the difference. The root cause team should include representatives from engineering as well as network security.
Hersh Shefrin is the Mario L. Belotti Professor of Finance from the Leavey School of Business at the University of Santa Clara. He wrote an article for Forbes – “Huawei And Facing Up To 5G-Related Cyber Risks” - https://www.forbes.com/sites/hershshefrin/2019/02/21/huawei-and-facing-up-to-5g-related-cyber-risks/#4132692f2672 .