Freeman Spogli Institute for International Studies Center for International Security and Cooperation Stanford University


Events




Cyber Security of Industrial Control Systems – What Does It Mean to National Security?  
Science Seminar

Date and Time
October 8, 2012
12:00 PM - 1:30 PM

Availability
Open to the public
No RSVP required


Speaker
Joseph Weiss - Consultant at Applied Control Solutions


Industrial Control Systems (ICSs) are used throughout the industrial infrastructure and military applications. These systems are designed to be highly reliable and safe, but were not designed to be cyber secure. Moreover, many of these systems do not even have cyber logging or forensics. Consequently, these systems, which constitute the “soft underbelly” of the American economy and defense, can enable a “cyber Pearl Harbor” to occur without having the capability of even knowing the impacts were cyber-induced. Stuxnet and Aurora have demonstrated that cyber can be used as a weapon to damage or destroy engineering equipment and systems.

To date, there have been more than 225 actual control system cyber incidents worldwide affecting electric power, water, chemicals, pipelines, manufacturing, mass transit, and even aircraft. Most of the incidents have been unintentional. Selected unintentional incidents will be addressed at the ICS Cyber Security Conference (http://www.icscybersecurityconference.com/). However, there have been a number of targeted cyber attacks. The Stanford presentation will focus on Stuxnet and Aurora. It will address the lack of air-gaps, insecureable legacy ICSs, lack of cyber forensics, and cultural issues between IT and Operations that can enable these attacks to occur and evade detection.


Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.

Location
CISAC Conference Room
Encina Hall Central, 2nd floor
616 Serra St.
Stanford University
Stanford, CA 94305
» Directions/Map


FSI Contact
Peter Davis



|