Watch the CINA Distinguished Speaker Series event featuring Joe Weiss, Managing Director at Applied Control Solutions, LLC as he discusses “Control System Cyber Security is More than Network Cyber Security.”
Abstract:
Defense and critical infrastructures including electric grids, water systems, manufacturing, transportation, etc. rely on control systems. Control systems consist of engineering devices “owned” by engineering and Ethernet networks “owned” by network security. Networks have cyber security, cyber forensic capabilities, and network personnel have cyber security training and a cyber security ethic. The engineering devices have no cyber security, cyber forensic capabilities, and the engineers have no cyber security training nor cyber security ethic. The culture gap is the defensive network people do not understand the control systems and generally won’t reach out to the engineers and the engineers view cyber security as e-mail” and do not feel cyber affects them. Meanwhile, the offensive cyber people realize attacking control system devices can cause great harm to physical equipment with no attribution or cyber detection. Applying inappropriate network cyber security technologies have impacted the operation of the control system field devices exacerbating the culture divide. There have been more than 17 million control system cyber incidents that have directly resulted in more than 34,000 deaths and many region-wide electric outages. Despite the improvement in network security technologies, sophisticated attackers can compromise IP networks as demonstrated by Solarwinds. Ransomware has shut down manufacturing facilities due to “an abundance of caution:” Industrial, manufacturing, and transportation facilities cannot be protected by addressing networks alone. Consequently, technologies have been demonstrated that can provide an unhackable approach to control system devices which can help overcome the cultural divide while improving reliability, productivity, and process safety.
Biography:
Joe Weiss is an expert on control system cyber security. In 2000, he helped start the control system cyber security program for the electric utilities. He has published over 80 papers on instrumentation and control systems, control system cyber security, book chapters on cyber security for electric substations, water/wastewater, data centers, and cyber policy, and authored Protecting Industrial Control Systems from Electronic Threats. He has amassed a database of more than 17 million control system incidents. He is an ISA Fellow, Managing Director of ISA99, a Ponemon Institute Fellow, and an IEEE Senior Member. He was featured in Richard Clarke’s book- Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks, is a registered professional engineer and has CISM and CRISC certifications.