Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
A US utility was compromised. The IP address and credentials for the cyber asset were posted on a Russian-based media site, and the cyber asset was subsequently infected with ransomware. The NERC CIP standards do not adequately address this problem.
Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats as utility-scale solar facilities can utilize hundreds of thousands of solar panels with little to no cyber security.
Network cyber security (IT and OT) is necessary, but NOT sufficient to secure control systems. Securing control systems require an engineering understanding of the systems and their impact, yet the engineers have not been adequately involved.
Juan Lopez from ORNL and I gave a presentation June 27th at the 2018 ISA Power Industry Division (POWID) Conference in Knoxville on cyber security of process sensors. As ISA POWID is an Instrumentation & Control conference, the lack of sensor discussions demonstrates the continuing gap between cyber security and operations.
Mutual aid is an agreement through which other utilities offer their restoration services after natural disasters strike and cause widespread outages. Apparently, there is a desire to extend the mutual aid approach from natural disasters to include cyber attacks.
The water industry doesn’t have an organization that specifically addresses risk the same way it is done in other industries. As such this new organization, AAWDM, is making a series of videos. Module 2 is on critical infrastructure and can be found here.
Cross-correlating the electrical characteristics of process sensors in real time provides a new capability to change the paradigm of control system cyber security as well as reliability, availability, productivity, and safety monitoring