The continued lack of ICS cybersecurity understanding and Defense Secretary Panetta's warning

Oct. 14, 2012
On Monday October 8th, I gave a seminar at Stanford's Center for International Security and Cooperation (CISAC). The following is a note from CISAC:
"... The Industrial Control Systems vulnerability was likely little known by most of our audience..."

On Wednesday October 10th, I gave a presentation at the Air Force Research Institute's (AFRI) Cyber Power Conference. The following is a note from AFRI:
"... I think presenting at the AFRI Cyber Power conference got the right message to some of the right ears. Several people commented that you provided valuable context for the serious cyber armed-attacks that we would likely see in a cyber war, rather than the criminal activity that is currently in the mass media. This was value added for both the Air Force, and the national security community at large."

On Thursday October 11th, I had an opportunity to attend the Atlantic Council and World Institute for Nuclear Security's (WINS) conference on Mitigating the Cyber Threat to Innovate the Nuclear Power Market. I had two observations:
- There were very few attendees who understood ICSs, which makes a conversation on nuclear plant cyber security problematic at best.
- There was discussion of what should be a nuclear plant Design Basis Threat (DBT) for cyber. This included what would be included as part of a DBT and what would be considered outside the scope of DBT. One suggested approach was that a nation-state attack would be beyond the DBT. In my opinion, a specific cyber DBT does not make sense as cyber threats are constantly changing. It may be difficult to identify the difference between a nation-state vs a non-nation-state attack. My belief is not to have a cyber incident (malicious or unintentional) exceed the design basis for the nuclear plant independent of the source of the cyber incident - nation-state, non-nation-state, unintentional, etc.

On Friday October 12th, I was part of a proposal review panel of the Transportation Research Board on ICS cyber security for mass transit.

The common thread in the meetings was the general lack of ICS cyber security understanding. Consider this in light of Defense Secretary Panetta's warning about Iranian cyber attacks against the critical infrastructures.

Joe Weiss
