1. Home

Additional technical input on Unfettered blogs and ACS control system cyber incident database

Nov. 8, 2020

I have made the Unfettered blogs available for more than 13 years that have addressed many important control system technical issues that have either not been addressed (e.g., sensors) or the popular perception is not correct (e.g., Aurora). The database has more than 1,250 actual control system cyber incidents. Many of the cases are not public. However, they are critically important to cyber security technology, policy, and training development. If interested, I would be willing to provide additional technical input behind specific blogs and/or provide sanitized case histories on a retainer basis.

As a public service, I have made the Unfettered blogs available for more than 13 years (www.controlglobal.com/unfettered). The blogs have addressed many important control system technical issues that have either not been adequately addressed (e.g., process sensors) or the popular perception is not correct (e.g., Aurora). I have been asked many times for further details on the blogs. Wednesday, November 4, 2020, I did a webinar on the Aurora vulnerability in response to issues with the Wired article “How 30 lines of code blew up a 27-ton generator”. The webinar addressed the Aurora vulnerability history, INL test, technical issues associated with Aurora, and actual Aurora incidents. Aside from the two attendees that were party to the Aurora issues, the information was new to everyone else resulting in more than 30 minutes of questions. The webinar recording has not been made public though there have been many requests. 

The control system cyber incident database has more than 1,250 incidents from electric (fossil, hydro, nuclear, renewables, SCADA, and substations), water/wastewater, oil/gas, pipelines, manufacturing, transportation, medical, and space. Many of these incidents were catastrophic as there have been more than1,500 deaths and $70Billion in direct damage. I have been asked often about the database as it is not publicly available because many of the cases are not public. Many of the really damaging control system incidents in the database were not IP-network-based and consequently have not been addressed by OT monitoring technologies or OT security training.

If interested, I can provide additional technical details behind specific blogs and/or provide sanitized case histories on a retainer basis.

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Email

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

Crude oil pump jack at oilfield on sunset background
Migrating Foundation Fieldbus-to-Ethernet-APL will take conviction and investment

Most Read

Sponsored