Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
The common thread between Aurora and the UPS attacks are that systems that were designed to protect mission critical systems have been co-opted to be used as attack vectors against the very systems they were meant to protect.
Bolting on/adding security to legacy control systems may be necessary but it requires a detailed understanding of potential control system interactions which may not be either an IT or OT expertise. Without appropriate understanding, the cure can be worse than the disease.
August 27th, 2018, I participated in US Congressman Ro Khanna’s Cybersecurity Roundtable. The panel was originally to be focused on cyber hygiene. After meeting with Congressman Khanna Sunday morning August 26th, critical infrastructure was added to the agenda. The streaming link for the roundtable is available.
I have decided to discontinue my participation in the SecurityWeek ICS Cyber Security Conference. I will continue to participate in control system and ICS cyber security conferences, my Managing Directorship of ISA99, the blogsite at www.controlglobal.com/unfettered , and my focus on instrumentation and control system cyber security, reliability, and safety.
I gave a presentation at the ISA Water/Wastewater Conference August 9th in Bethesda. As with the other conferences I have attended, the other cyber security presentations were on the network which is necessary, but not sufficient.
Addressing the cyber security of the sensors, not the Ethernet packets, has not been addressed by any industrial or DOD cyber security or safety standard. Monitoring of the electrical characteristics can’t prevent sensor integrity issues (hacking or unintentional impacts) but can identify changes which is more than we can do today.
I will be speaking August 9th at the ISA Water/Wastewater Conference in the cyber security track in Bethesda - http://isawwsymposium.com/program/program-schedule/. Like other conferences, I will be the only one speaking on sensors, not networks.