Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Mike Assante wrote two blogs: You're Not Imagining It: Civilization is Flickering, parts 1 and 2. What Mike is saying is what I have been saying: network monitoring of control system networks is necessary but not sufficient.
My list of actual control system cyber incidents continues to grow, with almost 1,100 incidents, more than 1,000 deaths, and more than $60 billion in direct damage. Unfortunately, there is still very little control system cyber forensics or training for the control system engineers to identify these types of incidents.
Little progress has been made on control system cyber security and its impacts on safety and reliability. That is, the focus has been on network anomaly detection, not process anomaly detection. The recent Columbia Gas natural gas over-pressurization event demonstrates the need for process anomaly detection.
The September 13, 2018 Columbia Gas Low-pressure Natural Gas Distribution System pipeline explosions killed one person, injured 28, and damaged 131 structures. This was not a malicious control system cyber event (though it could have been) but a tragic comedy of errors, lack of appropriate process sensor monitoring, lack of SCADA...
Network monitoring is necessary but not sufficient to cyber secure control systems and prevent long-term equipment damage and is intractable. Making cyber security an engineering problem can make an intractable network problem tractable, prevent long-term equipment damage, improve safety and reliability, and help in identifying impacts from supply...
Hopefully, the book Warnings: Finding Cassandras to Stop Catastrophes can reach the appropriate decision makers to help move the needle on cyber securing the control systems in our commercial and industrial infrastructures.
The common thread between Aurora and the UPS attacks is that systems that were designed to protect mission-critical systems have been co-opted to be used as attack vectors against the very systems they were meant to protect.
Bolting on/adding security to legacy control systems may be necessary but it requires a detailed understanding of potential control system interactions which may not be either an IT or OT expertise. Without appropriate understanding, the cure can be worse than the disease.