Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
August 27th, 2018, I participated in US Congressman Ro Khanna’s Cybersecurity Roundtable. The panel was originally to be focused on cyber hygiene. After meeting with Congressman Khanna Sunday morning August 26th, critical infrastructure was added to the agenda. The streaming link for the roundtable is available.
I have decided to discontinue my participation in the SecurityWeek ICS Cyber Security Conference. I will continue to participate in control system and ICS cyber security conferences, my Managing Directorship of ISA99, the blogsite at www.controlglobal.com/unfettered , and my focus on instrumentation and control system cyber security, reliability, and safety.
I gave a presentation at the ISA Water/Wastewater Conference August 9th in Bethesda. As with the other conferences I have attended, the other cyber security presentations were on the network which is necessary, but not sufficient.
Addressing the cyber security of the sensors, not the Ethernet packets, has not been addressed by any industrial or DOD cyber security or safety standard. Monitoring of the electrical characteristics can’t prevent sensor integrity issues (hacking or unintentional impacts) but can identify changes which is more than we can do today.
I will be speaking August 9th at the ISA Water/Wastewater Conference in the cyber security track in Bethesda - http://isawwsymposium.com/program/program-schedule/. Like other conferences, I will be the only one speaking on sensors, not networks.
A US utility was compromised. The IP address and credentials for the cyber asset were posted on a Russian-based media site, and the cyber asset was subsequently infected with ransomware. The NERC CIP standards do not adequately address this problem.