I had a discussion with a senior utility person involved with Smart Grid. He told me about all of his cyber experts (he did not consider me a cyber security expert), many of which are very good at hacking/crashing systems. However, he had very few “experts” on the systems they are trying to protect. The intent of control system cyber security is not to hack these cyber vulnerable systems but to protect them. Wouldn’t it make sense to also have experts on the systems you are trying to protect?
Joe Weiss