The starting point for cyber security is identifying incidents as being cyber-related. Network-based cyber incidents can be identified as being cyber-related as there are network monitoring systems and network cyber security training. Control systems are used in critical infrastructures and DoD to monitor and control physical processes such as power grids, boilers, pipelines, fuel tanks, and manufacturing. At the control system field device level (e.g., process sensors, actuators, and drives), there is no cyber forensics, authentication, or cyber security training. Consequently, most control system cyber incidents are not identified as being cyber-related but identified as electrical or mechanical problems. This is not hypothetical as there have been more than 17 million control system cyber incidents that have killed more than 32,000 people with most of these incidents not identified as being cyber-related. Sophisticated cyber attackers are exploiting this gap in cyber protection as there is no identification or attribution. This presentation will identify issues associated with identifying control system incidents as being cyber-related.
Who: Mr. Joe Weiss
What: Identifying Control System Cyber Incidents
When: Noon Eastern / 14 Feb 2024
Phone: +1 (669) 224-3412
Access Code: 445-472-709
Bio: Joe Weiss is an expert on control system cyber security. He has published over 80 papers on instrumentation and control systems, control system cyber security, book chapters on cyber security for electric substations, water/wastewater, data centers, and cyber policy, and authored Protecting Industrial Control Systems from Electronic Threats. He has amassed a database of more than 17 million control system incidents. He is an International Society of Automation (ISA) Fellow, Managing Director of ISA99, a Ponemon Institute Fellow, and an IEEE Senior Member. He was featured in Richard Clarke’s book Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks, is a registered professional engineer and has Critical Incident Stress Management (CISM) certification, as well as Certified in Risk and Information Systems Control (CRISC).