664772091d722971c8cd4847 The 2024 Rsa Cybersecurity Conference
  1. Blogs
  2. Unfettered Blog

The 2024 RSA Cybersecurity Conference: What wasn’t addressed can hurt you

May 17, 2024
Was the real scope of control system cyber incidents properly addressed?

The RSA Cybersecurity Conference in San Francisco is billed as the largest cybersecurity conference in the world with something like 40,000 attendees. I have been attending the RSA Cybersecurity Conference since the early 2000’s and have spoken there a few times. RSA is a five-day conference with the IT cybersecurity rock stars presenting.

I only attended for two days. My observations are unscientific. Given that preamble, on the surface, things are getting better as most everyone I talked to had heard of OT, though most only knew the title, not what it really meant. Those that knew what OT stood for felt it was just about the OT networks. Very few people had heard of control system cybersecurity, and even some of the OT vendors were not aware of the lack of cybersecurity in the process sensors that are inputs to their network monitoring.

No one I talked to was aware of the real scope of the problem or was aware that have been millions of control system cyber incidents. This was evident in that the control system cybersecurity rock stars were not speaking. This year, critical infrastructure cybersecurity took a prominent position with the issuance of NSM 22. NSM22 states: “it is diverse and complex, and includes distributed networks, varied organizational structures, operating models, interdependent systems, and governance constructs.” There was no mention of hardware.

Yet the critical infrastructure is dependent on hardware – pumps, motors, valves, relays, transformers, turbines, robots, etc. As a result, there were no discussions of hardware control system cyber issues such as hardware backdoors in Chinese electric power transformers, port cranes, inverters and circuit breakers; possible control logic compromises with the Iranian Unitronics’ PLC attacks; Russian cyberattacks against U.S. critical infrastructures; the Aurora vulnerability which manipulates physics not data; data center shutdowns from process sensors and chiller motor issues; and medical device control system cyber incidents that have injured hundreds.

Maybe next year RSA will have more of a focus on critical infrastructure cybersecurity.

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Unfettered Blog

shutterstock_1188354160
shutterstock_2490427915
shutterstock_2367218585

Most Read

Sponsored