Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
Network monitoring is necessary but not sufficient to cyber secure control systems and prevent long term equipment damage and is intractable. Making cyber security an engineering problem can make an intractable network problem tractable, prevent long term equipment damage, improve safety and reliability, and help in identifying impacts from supply...
Hopefully, the book Warnings- Finding Cassandras to Stop Catastrophes can reach the appropriate decision makers to help move the needle on cyber securing the control systems in our commercial and industrial infrastructures.
The common thread between Aurora and the UPS attacks are that systems that were designed to protect mission critical systems have been co-opted to be used as attack vectors against the very systems they were meant to protect.
Bolting on/adding security to legacy control systems may be necessary but it requires a detailed understanding of potential control system interactions which may not be either an IT or OT expertise. Without appropriate understanding, the cure can be worse than the disease.
August 27th, 2018, I participated in US Congressman Ro Khanna’s Cybersecurity Roundtable. The panel was originally to be focused on cyber hygiene. After meeting with Congressman Khanna Sunday morning August 26th, critical infrastructure was added to the agenda. The streaming link for the roundtable is available.
I have decided to discontinue my participation in the SecurityWeek ICS Cyber Security Conference. I will continue to participate in control system and ICS cyber security conferences, my Managing Directorship of ISA99, the blogsite at www.controlglobal.com/unfettered , and my focus on instrumentation and control system cyber security, reliability, and safety.