Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
The lack of cyber security and authentication of Level 0,1 devices precludes adequate cyber security and safety. The threat is independent of vendor, industry, region, or application and therefore can be even more significant than Stuxnet.
Wednesday, April 4th from 11:00 am-11:45am Pacific, I will be participating in a webinar on “Endpoint Security Best Practices: Implementing the New Guidance from the Industrial Internet Consortium” with Dean Weber, CTO, and Keao Caindec, Vice President of Marketing for Mocana - Brighttalk: https://www.brighttalk.com/webcast/9609/309715
Good engineering principles and practices have been neglected when it comes to control system cyber security that not only affects cyber security but also safety. How can you perform a nuclear or non-nuclear (HazOp) safety analyses if you haven't adequately addressed the cyber-induced system interactions and cyber security at all...
The Russians have been in the US electric grids since at least 2014. The Defense Science Board stated the US critical infrastructure doesn’t have the ability to prevent damage. What is happening to provide resilience and recovery?
Two different fertility clinics on opposite sides of the country had almost simultaneous failures of their liquid nitrogen systems that appear to be process sensor-related and possibly cyber-related. What are the implications to these and other industries using liquid nitrogen?
I participated in the 2018 SINET Security Conference in Mt. View, CA. The agenda can be found at https://www.security-innovation.org/events/silicon/agenda/. There was a dearth of control system cyber discussions and a lack of control system cyber security understanding by many.
I will be participating in a panel at the SINET Security Conference in Mt. View, CA Wednesday. The panel is “ What Are The Emerging And Most Serious Threats Looming On The Horizon?” Our panel moderator is Brian White, Chief Operating Officer, RedOwl Analytics.
Enclosed is the link to my Defcon youtube presentation on lack of security of Level 0,1 devices - https://www.youtube.com/watch?v=UgvVaniZhsk. Considering this presentation elicited a “Like” from Iran (https://www.controlglobal.com/blogs/unfettered/the-iranians-know-about-the-lack-of-security-in-level-01-devices/ ), this presentation should be of interest and a call to action.
October 10, 2016, I wrote a blog: “The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack” This was because NERC, DOE, and DHS had effectively ignored the 2015 attack as it was against the distribution system.
February 20, 2018 I participated in taping of a Smithsonian History Channel program on Hidden American History at Berkeley Engineering and Research. The demonstration destructively damaged a large steel pipe. This damage can be done via cyber means.