Because of travel commitments, I have not been actively blogging. Yesterday nite, I gave a presentation at the IEEE Industry Applications Society in Concord, CA. Today, I am flying to Albuquerque to give an invited presentation to an Air Force Cyber Security and Surety meeting. During last nite’s IEEE meeting, I was discussing the concern that ICSs have not, and continue not be designed for security considerations other than bolt-on additions. Not only did all of the ICS vendor attendees agree, one of the attendees mentioned an actual case where a major ICS supplier poured tens of millions of dollars into a new ICS that did not have security adequately addressed. When that system was impacted by a cyber event, the design was such they were unable to shut the ICS down. Suffice it to say, the vendor cancelled that particular ICS line at a very substantial cost. Joe Weiss
