Ready, Set…Hang On, Maybe We Are Not Ready

Recently, the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) executed their annual Locked Shields exercise in which participating blue team countries defended networks from a NATO-supported red team attacks. In 2016, participating countries saw industrial control systems added to the list of cyber assets they were required to defend. So, how did the U.S. do in this exercise? Unfortunately, in its inaugural... Read more

Too Many Changes, Too Much Noise

Most industrial companies with whom I speak are aware of the amount of control system changes that occur on a daily basis, but lack the proper automation to monitor and manage those changes. This means that significant changes can go uninvestigated, which means unplanned outage, safety, and other risk increases.  Major regulations and standards, including NERC-CIP, IEC 62443, NEI 08-09, and NIST 800-53, to name a few,... Read more

Are We Four Lines of Python Away from Cybersecurity Trouble?

A USA Today reporter recently interviewed the guys who hacked the Jeep Cherokee last year. One of the white hats said something that was particularly distressing. He said that he wrote “four lines of python and owned [had access to] 1.4 million cars.” What gets me is not that he did it (he revealed their hack to Fiat/Chrysler before publishing), but that a hunk of metal traveling down the road at 60 or... Read more

Why ICS Matters

ICS matters.The ICS really matters.In fact, the ICS (Industrial Control System) matters more than any other system in industrial operations because when a plant control system operates at anything less than peak performance, safety, security, and profitability are at risk. The control system is the heart of the plant and, like the one that beats inside our chest, we must work to maintain its health.The ICS is also the brain... Read more