The WFS Permanent Monitoring Panel for Catastrophic Risk Mitigation is holding five Sessions August 17-25th, 2021 that are relevant to all the Planetary Emergencies identified within the WFS program. August 24th, I will be on an Engineering Infrastructure Resilience Panel discussing Cyber-Physical Security of Critical Infrastructures – Catastrophic Risks and Mitigation Strategies. Panelists will include Walter Grayman, Ali Mosleh from UCLA, Shaikha Al-Sanad from the Kuwait Institute for Scientific Research, Andrew Ohrt from West Yost, John Organek from the EIS Council, and myself.
My presentation will address similar subjects to what I presented August 17, 2021 at the IS2 Conference in Prague. That is, a focus on the lack of cyber security, authentication, and cyber logging of Level 0,1 control system devices. Specifically, I will address how monitoring of the electronic characteristics of the process instrumentation can provide ground truth process anomaly detection regardless of the state of the IT or OT networks. This is the same approach recently approved by the Israel Water Authority for monitoring the water systems in Israel as off-line monitoring of the electrical characteristics of the process sensors cannot be hacked. This approach can improve the cyber security of all critical infrastructures even though the prevailing approach is a concentration on network security.
With the plethora of control system and critical infrastructure equipment coming from China with untrusted pedigrees, the process anomaly detection approach may be one of the few ways of addressing this existential problem such as those identified in Presidential Executive Order 13920. Again, the prevailing approach for supply chain security is a focus on software bill of materials which is somewhat irrelevant for equipment made in China.
Joe Weiss
