Texas A&M Instrumentation & Automation Symposium speech and presentation now available – the need to understand ICS cyber security

Feb. 5, 2018

There continues to be significant misinformation about control system cyber security and critical infrastructure protection. Consequently, I am making my Texas A&M speech and presentation available here. I hope this opens some eyes.

There continues to be significant misinformation about control system cyber security and critical infrastructure protection. This misunderstanding can be seen by comments and articles about the recent Triconex safety system cyber attack illustrating the lack of understanding of what is a safety system. The almost complete lack of understanding about the lack of security and authentication in Purdue Reference Model Level 0,1 devices (e.g., process sensors, actuators, and drives) makes it impossible to secure commercial, industrial, and defense infrastructures if the sensing input and final actuation devices can’t be trusted. There is still minimal understanding about the Aurora vulnerability (it is NOT malware) and how it can be used to bring the grid down for 9-18 MONTHS.  There is also very little understanding of what compromises a cyber incident as well as the fact there have been more than 1,000 control system cyber incidents to date with more than 1,000 deaths. There continues to be a reticence to want to discuss these ICS cyber security issues at “mainstream” cyber events as they do not always fit the mold of traditional IT cyber threats. Consequently, I am making my Texas A&M speech and presentation available here. I hope this opens some eyes.

Joe Weiss