The presentation will include: Process sensors (Level 0 devices) are inherently cyber vulnerable yet remain largely unrecognized by cybersecurity organizations. Process sensor incidents, both malicious and unintentional, have caused catastrophic and fatal cyber/operational events across multiple sectors, but were not identified as being cyber-related. Fatalities have occurred in every decade since the 1980s, including this decade. Monitoring process sensors at the physics level can materially improve reliability, safety, and cybersecurity. A discussion of what a process sensor cybersecurity program should include and what organizations should be involved. The implications of non-cybersecure process sensors on U.S. and EU cybersecurity requirements. Nation-state actors, including Russia, China, and Iran, understand Level 0 cyber deficiencies. In contrast, most cyber defenders do not and won’t identify process sensor incidents as being cyber-related. This gap helps explain why process sensor cybersecurity remains largely absent from OT security forums and RSA Conference discussions. It may also explain why government OT cybersecurity advisories don’t include insecure Level 0 devices, even though process sensors provide the trusted input to controllers and SCADA/DCS systems.

Biography:

Joe Weiss of Applied Control Solutions helped start control system (now OT) cyber security in 2000. He comes from a background in instrumentation, control, and safety systems and melds that with expertise in cyber security. He has amassed a non-public database of more than 11 million control system cyber incidents. His knowledge and experience allows him to provide expert consulting to governments, end-users, equipment suppliers, and cyber security companies. The includes analysis of actual control system (OT) cyber incidents, development of training based on actual incidents, development of white papers and podcasts based on actual incidents, and providing keynote presentations.

Joe Weiss

Process sensors measuring pressure, level, flow, temperature, etc. are assumed to be uncompromised, authenticated, and correct. 

Biography:

Joe Weiss is an expert on control system cyber security. He has published over 80 papers on instrumentation and control systems, control system cyber security, book chapters on cyber security for electric substations, water/wastewater, data centers, and cyber policy, and authored Protecting Industrial Control Systems from Electronic Threats. He has amassed a database of more than 17 million control system incidents. He is an ISA Fellow, Emeritus Managing Director of ISA99, a Ponemon Institute Fellow, and an IEEE Senior Member. He was featured in Richard Clarke’s book- Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks, is a registered professional engineer and has CISM and CRISC certifications. He is a member of Control's Process Automation Hall of Fame.