I have been invited to give a presentation on control system cybersecurity at Stanford's Center for International Security and Cooperation (CISAC) as part of their CISAC seminar series on October 8 at Stanford (http://cisac.stanford.edu/research/2956/). The Science Seminars are a lunchtime series that features top scientists and other scholars from the CISAC and Stanford communities and beyond. The Seminar series encourages in-depth discussions of the scientific dimensions of security issues from an audience of scientists, engineers and other researchers.
"Cybersecurity of Industrial Control Systems - What does it mean to National Security?"
Industrial Control Systems (ICSs) are used throughout the industrial infrastructure and military applications. These systems are designed to be highly reliable and safe, but were not designed to be cyber secure. Moreover, many of these systems do not even have cyber logging or forensics. Consequently, these systems, which constitute the "soft underbelly" of the American economy and defense, can enable a "cyber Pearl Harbor" to occur without having the capability of even knowing the impacts were cyber-induced. Stuxnet and Aurora have demonstrated that cyber can be used as a weapon to damage or destroy engineering equipment and systems.
To date, there have been more than 225 actual control system cyber incidents worldwide affecting electric power, water, chemicals, pipelines, manufacturing, mass transit, and even aircraft. Most of the incidents have been unintentional. Selected unintentional incidents will be addressed at the ICS Cybersecurity Conference (www.icscybersecurityconference.com). However, there have been a number of targeted cyber attacks. The Stanford presentation will focus on Stuxnet and Aurora. It will address the lack of air-gaps, insecureable legacy ICSs, lack of cyber forensics, and cultural issues between IT and Operations that can enable these attacks to occur and evade detection.
Joe Weiss