Security Experts:

WRITE FOR US
Eric Knapp's picture

Eric Knapp

Contact Eric Knapp

Eric D. Knapp (@ericdknapp) is a recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. Eric is currently the Director of Cyber Security Solutions and Technology for Honeywell, and is the Chief Technical Advisor, North America for the Industrial Cybersecurity Center. He is also the author of “Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA and Other Industrial Control Systems.” His new book, “Applied Cyber Security for Smart Grids” was co-authored with Raj Samani, McAfee CTO EMEA. The opinions expressed here represent Eric's own and are not those of his employer.

Recent articles by Eric Knapp

  • Shall We Play a Game?
    Enemy infrastructure is and always has been an important military target. The difference is that with increasingly automated and connected infrastructure, the ability for an enemy to target these systems digitally has increased, putting these systems at greater risk.
  • Tech Debate: Is The Cloud Critical Infrastructure?
    There’s been a lot of debate lately over the role the Cloud has within Critical Infrastructure, and whether or not the Cloud is itself a Critical Infrastructure.
  • ISA Automation Week Conference Wrap Up
    On day two and three of ISA Automation Week conference, the critical role of industrial automation continued to be a common theme throughout the Industrial Network Security track.
  • ISA Automation Week Day One Wrap Up: Building an ROI for Industrial Cyber Security
    Implementing a more mature cyber security profile within automation means an investment in both time and resources. Being able to measure business performance in real-time is the first step in justifying the ROI of this much-needed increase in cyber security controls.
  • The Rogue Internet: The Evolution of the Cyber Threat
    Because transactions using virtual currencies happen anonymously, they confuse issues of jurisdiction and can become difficult to enforce. When authorities do take action, cybercrime simply re-images itself with a new currency and a new platform.
  • Why I'm Not (very) Worried about PRISM
    The NSA tapping into our digital lives is a heinous breach of privacy, say those on the opposing team. I say, “meh.” Assume that everything you do and say is being watched and heard, always.
  • What the Debates on Information Sharing Didn’t Miss
    The “if it works don’t touch it” mentality continues to thwart many aspects of cyber security — including information sharing. It’s also why the trust required to implement a successful Information Sharing scheme is also unlikely to blossom overnight.
  • What the Debates on Information Sharing Seem to be Missing
    If threat information is available but not fully and effectively utilized, then knowledge is not power—it is simply knowledge. Books in a library, unread. A lecture, unattended.
  • Can Privacy Turn to Piracy?
    Could smart meter data provide information needed to steal a physical asset? Theoretically, yes.
  • Searching for Silver Bullets In SCADA and ICS Environments
    In an industrial control system, Application Whitelisting is the answer to our collective prayers: there’s no need to patch, update large virus libraries, and there’s almost no drain on CPU and memory. It is, basically, a silver bullet.
  • Critical Infrastructure Security: Host Security Needs in the Device Network
    This is the third in a series of articles on the new “3x3” security model for critical infrastructure cyber security. This week, Eric discusses host security needs in the device network.
  • Addressing SCADA Endpoint Protection Concerns
    Endpoint protection in SCADA environments can pose some interesting cyber security challenges. For example, once these systems are up and running, nothing can change without risking the reliability and continued operation of the automated process(es).
  • A New Cyber Security Model for SCADA
    We’ve all heard about the inherent vulnerabilities of SCADA and ICS systems, yet we continue to focus cyber security on the surrounding IT systems using these traditional IT tools. The solution requires a new security model that addresses the specific challenges of the industrial automated world.
  • SCADA Mischief Episode 2: Context and Correlation
    A story on Defending Against Insider Threats in SCADA Environments Using Context and Correlation through an Episode at a Fictional Plastics Company.
  • SCADA Mischief Episode 1: A Picture is Worth a Thousand Worms
    Eric shines some light on industrial control system cyber security through a story of a disgruntled control system operator with admin privileges on key systems, and with badge access to sensitive places full of buttons and levers.
  • We Are Not Paranoid: Protecting the Digital Oil Field
    In truly Critical Infrastructure, the ROI of cyber security is measured in human lives. My mantra has always been to over-protect, especially when the network being protected is critical.
  • Grid Cyber Security: Removing the Reality Distortion Field
    From a cyber security perspective, energy transmission involves several important information paths and several unique digital assets. Cyber security seems to be focused on energy generation, but what if a Stuxnet-class attack was engineered to target transmission and distribution systems?
  • Son of Stuxnet: Is SCADA the New Low Hanging Hacker Fruit?
    While Stuxnet was extremely sophisticated and targeted, there are many broader and simpler attacks that are now not only possible, but easy. Industrial control systems may be the new “low hanging fruit” of cyber security, and hackers have developed a taste for them.
  • Industrial Control Systems Security One Year After Stuxnet: Got Vulnerabilities? Deal with it.
    There’s been a lot of recent reflection on SCADA and Industrial Control Systems cyber security in the year following Stuxnet. Why is the current state of SCADA and ICS security the fault of Siemens, Alstom, Rockwell Automation, or any other control system vendor?
  • SCADA Protocol Plundering
    Eric discusses SCADA and Industrial Control Protocols, and how to protect a process control network from misuse of these protocols.
  • Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems
    Situational awareness, in the context of threat detection, means monitoring all activity on the network. In this example, monitor network flows and compare those against the allowed information flows, per your firewall configuration.
  • Something SCADA This Way Comes: Demystifying Industrial Network Security
    You’ve heard the acronyms: SCADA, ICS, IACS, DCS, PCS, CI. You’ve caught the catchphrases: air-gap defense, critical infrastructure, cyber war, advanced persistent threat. So what do these all mean?