Eric Knapp

Eric D. Knapp (@ericdknapp) is a recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. Eric is currently the Director of Strategic Alliances for Wurldtech Security Technologies, and the author of “Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA and Other Industrial Control Systems.” His new book, “Applied Cyber Security for Smart Grids” was co-authored with Raj Samani, McAfee CTO EMEA. The opinions expressed here represent Eric's own and not those of his employer.

Recent articles by Eric Knapp

What the Debates on Information Sharing Didn’t Miss

The “if it works don’t touch it” mentality continues to thwart many aspects of cyber security — including information sharing. It’s also why the trust required to implement a successful Information Sharing scheme is also unlikely to blossom overnight.
What the Debates on Information Sharing Seem to be Missing

If threat information is available but not fully and effectively utilized, then knowledge is not power—it is simply knowledge. Books in a library, unread. A lecture, unattended.
Can Privacy Turn to Piracy?

Could smart meter data provide information needed to steal a physical asset? Theoretically, yes.
Searching for Silver Bullets In SCADA and ICS Environments

In an industrial control system, Application Whitelisting is the answer to our collective prayers: there’s no need to patch, update large virus libraries, and there’s almost no drain on CPU and memory. It is, basically, a silver bullet.
Critical Infrastructure Security: Host Security Needs in the Device Network

This is the third in a series of articles on the new “3x3” security model for critical infrastructure cyber security. This week, Eric discusses host security needs in the device network.
Addressing SCADA Endpoint Protection Concerns

Endpoint protection in SCADA environments can pose some interesting cyber security challenges. For example, once these systems are up and running, nothing can change without risking the reliability and continued operation of the automated process(es).
A New Cyber Security Model for SCADA

We’ve all heard about the inherent vulnerabilities of SCADA and ICS systems, yet we continue to focus cyber security on the surrounding IT systems using these traditional IT tools. The solution requires a new security model that addresses the specific challenges of the industrial automated world.
SCADA Mischief Episode 2: Context and Correlation

A story on Defending Against Insider Threats in SCADA Environments Using Context and Correlation through an Episode at a Fictional Plastics Company.
SCADA Mischief Episode 1: A Picture is Worth a Thousand Worms

Eric shines some light on industrial control system cyber security through a story of a disgruntled control system operator with admin privileges on key systems, and with badge access to sensitive places full of buttons and levers.
We Are Not Paranoid: Protecting the Digital Oil Field

In truly Critical Infrastructure, the ROI of cyber security is measured in human lives. My mantra has always been to over-protect, especially when the network being protected is critical.
Grid Cyber Security: Removing the Reality Distortion Field

From a cyber security perspective, energy transmission involves several important information paths and several unique digital assets. Cyber security seems to be focused on energy generation, but what if a Stuxnet-class attack was engineered to target transmission and distribution systems?
Son of Stuxnet: Is SCADA the New Low Hanging Hacker Fruit?

While Stuxnet was extremely sophisticated and targeted, there are many broader and simpler attacks that are now not only possible, but easy. Industrial control systems may be the new “low hanging fruit” of cyber security, and hackers have developed a taste for them.
Industrial Control Systems Security One Year After Stuxnet: Got Vulnerabilities? Deal with it.

There’s been a lot of recent reflection on SCADA and Industrial Control Systems cyber security in the year following Stuxnet. Why is the current state of SCADA and ICS security the fault of Siemens, Alstom, Rockwell Automation, or any other control system vendor?
SCADA Protocol Plundering

Eric discusses SCADA and Industrial Control Protocols, and how to protect a process control network from misuse of these protocols.
Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems

Situational awareness, in the context of threat detection, means monitoring all activity on the network. In this example, monitor network flows and compare those against the allowed information flows, per your firewall configuration.
Something SCADA This Way Comes: Demystifying Industrial Network Security

You’ve heard the acronyms: SCADA, ICS, IACS, DCS, PCS, CI. You’ve caught the catchphrases: air-gap defense, critical infrastructure, cyber war, advanced persistent threat. So what do these all mean?

SECURITYWEEK NETWORK:

Security Experts:

Eric Knapp

Recent articles by Eric Knapp

Subscribe to SecurityWeek

Popular Topics

Security Community

Stay Intouch

About SecurityWeek