Coming soon: Ralph’s book on robust control system networks

Coming soon: Ralph’s book on robust control system networks

Efforts to enhance control system security are around for about a decade. Yet the average chemical plant, power plant, automotive factory or military weapon system still shows a security posture that might not even survive a simple network scan. This led Ralph to...

Don’t assume it is safe and secure just because it ought to be

Recently I was invited to speak at an international event on global security and terrorism hosted by Reuters (see coverage here). Besides the opportunity to meet senior correspondent Peter Apps and a bunch of journalists from all over the world, the event included a...

Observations from ICCC

Last week I was in Tallinn to give a talk at NATO’s International Conference on Cyber Conflict. Here are some impressions. After recent events like Stuxnet and the publication of the new US cyber strategy it was pretty clear that this year’s conference would be very...

Enumerating Stuxnet’s exploits

There are several misconceptions about the exploits used in Stuxnet, such as that all underlying vulnerabilities would have been fixed by now, or that there’s no need to worry about copycats because the exploits at the controller level were highly specific and would...

A declaration of bankruptcy for US critical infrastructure protection

According to the Wall Street Journal, DoD’s first formal cyber strategy is based on the doctrine that a cyber attack on US critical infrastructure can be retaliated by a conventional military strike. The article is decorated with macho statements from unidentified...