November 17, 2021 Twin Cities ISA Education Event - Control system cybersecurity

Nov. 14, 2021
On November 17, 2021, I will be giving a presentation at 7 PM Central time to the Twin Cities ISA Education Event on control system cybersecurity. Control system cyber security is more than just network security (IT and OT), which is necessary but not sufficient to secure any control system. The presentation is an engineer’s view of control system cyber security based on “facts and physics,” including the almost 12 million actual control system cyber incidents identified to date. Most of these incidents were not identified as being cyber-related, as there is no cyber forensics at the Level 0,1 layer nor cyber security training for the control system engineers. It will also address the gaps in government policies and industry standards. Click here to join the meeting

Control system cybersecurity is different from IT cybersecurity. It is also more than just network security (IT and OT), which is necessary but not sufficient to secure any control system. There is still confusion as to what constitutes Operational Technology (OT) vs. control system cybersecurity and whether control system cyber threats are real. This presentation will address the unique issues with control system cybersecurity and the gaps in government policies and industry standards, and will discuss selected actual control system cyber incidents from multiple industries. Industries include power, water/wastewater, refining, pipelines, buildings, medical device manufacturing, food manufacturing, transportation, etc.


The following items recently occurred that will be addressed:

- CISA held a tabletop exercise at the Salt Lake City Chevron refinery. In 2015, DHS declassified more than 800 pages on the Aurora vulnerability. One of the DHS slides identified the PG&E substations that, if compromised, would damage the Alternating Current (AC) rotating equipment at the Chevron Richmond refinery. The Aurora slides also include how Aurora can damage water systems and natural gas pipeline compressors. These issues are not addressed by American Water Works Association (AWWA) cyber security guidelines for water or TSA cyber security requirements for pipelines.

- The Office of the Director of National Intelligence released a National Intelligence Estimate stating that “China is the world’s leading supplier of advanced grid components for ultra-high-voltage systems, such as transformers, circuit breakers, and inverters, which we assess creates cyber vulnerability risks.”  These hardware supply chain issues are not being addressed. Moreover, the NERC CIPs exclude the technical issues needed to address existing hardware backdoors.

- There is no cyber security in process measurements, actuators, drives, analyzers, and safety protocols. A state-of-the-art safety pressure transmitter failed more than 60 of the cyber security requirements in ISA 62443-4-2. How can you be cyber secure, safe, or resilient if you can’t trust what you measure?

A paradigm change will be presented to turn intractable OT network problems into tractable engineering approaches that can withstand IT network malware, including ransomware.


Joe Weiss
