As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real.
The announcement spawned an immense amount of smoke and/or fire- real or fear mongering - as there were essentially no details provided.
More recently, DHS published a cyber intelligence note stating that cyber attacks on control systems overseas portend no homeland threat. The note's intent was to say there was no credible intelligence that an attack was imminent. This type of wording may provide the intended meaning to the intelligence community, but in the commercial world it can, and has been read to say, "don't worry."
My concern is that the pieces are imminently present:
-vulnerable control systems from common vendors connected in common ways running common (at least for control systems) protocols
-Internet threats that are not geographically isolated
-Internet direct and indirect probes and attacks
A need now evident is how to convey the same meaning to different parties that "speak a different language", but are addressing the same problems.
Joe Weiss
Leaders relevant to this article: