Siobhan Gorman of the Wall Street Journal had an interview with CSPAN radio on April 11th based on her article on cyber spies in the US electric grid. When asked how the evidence was found, she said the intelligence agencies installed special detection mechanisms that picked up the evidence, not the power companies. The control system cyber forensics for power companies, and other industries, are marginal at best. As I mentioned earlier, I know of two electric utilities that recently had cyber incidents with brand new control systems. In both instances, the cyber logging was not sufficient to identify “who” or “when”. This was a shortcoming of the LOGIIC program for oil/gas. They have a high-powered inference engine for cyber diagnostics, but little, if any, cyber information to feed it. If the intelligence agencies do have this capability, why isn’t it being used throughout critical infrastructure?
Control system cyber forensics will be an item of discussion at the October ACS Control System Cyber Security Conference in Washington.
Joe Weiss