Security Experts:

Eric Knapp

Eric D. Knapp (@ericdknapp) is a recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. Eric is currently the Director of Cyber Security Solutions and Technology for Honeywell, and is the Chief Technical Advisor, North America for the Industrial Cybersecurity Center. He is also the author of “Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA and Other Industrial Control Systems.” His new book, “Applied Cyber Security for Smart Grids” was co-authored with Raj Samani, McAfee CTO EMEA. The opinions expressed here represent Eric's own and are not those of his employer.

Recent articles by Eric Knapp

  • A critical vulnerability in the BNL Waste Allocator Load Lifter (Earth Class) industrial operating system, allowing remote privilege escalation and code execution through the injection of wOS control packets, has resulted in the compromise of waste removal automation on a global scale.
  • Enemy infrastructure is and always has been an important military target. The difference is that with increasingly automated and connected infrastructure, the ability for an enemy to target these systems digitally has increased, putting these systems at greater risk.
  • There’s been a lot of debate lately over the role the Cloud has within Critical Infrastructure, and whether or not the Cloud is itself a Critical Infrastructure.
  • On days two and three of the ISA Automation Week conference, the critical role of industrial automation continued to be a common theme throughout the Industrial Network Security track.
  • Implementing a more mature cyber security profile within automation means an investment in both time and resources. Being able to measure business performance in real-time is the first step in justifying the ROI of this much-needed increase in cyber security controls.
  • Because transactions using virtual currencies happen anonymously, they confuse issues of jurisdiction and can become difficult to enforce. When authorities do take action, cybercrime simply re-images itself with a new currency and a new platform.
  • The NSA tapping into our digital lives is a heinous breach of privacy, say those on the opposing team. I say, “meh.” Assume that everything you do and say is being watched and heard, always.
  • The “if it works don’t touch it” mentality continues to thwart many aspects of cyber security — including information sharing. It’s also why the trust required to implement a successful Information Sharing scheme is also unlikely to blossom overnight.
  • If threat information is available but not fully and effectively utilized, then knowledge is not power—it is simply knowledge. Books in a library, unread. A lecture, unattended.
  • Could smart meter data provide information needed to steal a physical asset? Theoretically, yes.
  • In an industrial control system, Application Whitelisting is the answer to our collective prayers: there’s no need to patch, update large virus libraries, and there’s almost no drain on CPU and memory. It is, basically, a silver bullet.
  • This is the third in a series of articles on the new “3x3” security model for critical infrastructure cyber security. This week, Eric discusses host security needs in the device network.
  • Endpoint protection in SCADA environments can pose some interesting cyber security challenges. For example, once these systems are up and running, nothing can change without risking the reliability and continued operation of the automated process(es).
  • We’ve all heard about the inherent vulnerabilities of SCADA and ICS systems, yet we continue to focus cyber security on the surrounding IT systems using these traditional IT tools. The solution requires a new security model that addresses the specific challenges of the industrial automated world.
  • A story on Defending Against Insider Threats in SCADA Environments Using Context and Correlation through an Episode at a Fictional Plastics Company.
  • Eric shines some light on industrial control system cyber security through a story of a disgruntled control system operator with admin privileges on key systems, and with badge access to sensitive places full of buttons and levers.
  • In truly Critical Infrastructure, the ROI of cyber security is measured in human lives. My mantra has always been to over-protect, especially when the network being protected is critical.
  • From a cyber security perspective, energy transmission involves several important information paths and several unique digital assets. Cyber security seems to be focused on energy generation, but what if a Stuxnet-class attack was engineered to target transmission and distribution systems?
  • While Stuxnet was extremely sophisticated and targeted, there are many broader and simpler attacks that are now not only possible, but easy. Industrial control systems may be the new “low hanging fruit” of cyber security, and hackers have developed a taste for them.
  • There’s been a lot of recent reflection on SCADA and Industrial Control Systems cyber security in the year following Stuxnet. Why is the current state of SCADA and ICS security the fault of Siemens, Alstom, Rockwell Automation, or any other control system vendor?
  • Eric discusses SCADA and Industrial Control Protocols, and how to protect a process control network from misuse of these protocols.
  • Situational awareness, in the context of threat detection, means monitoring all activity on the network. In this example, monitor network flows and compare those against the allowed information flows, per your firewall configuration.
  • You’ve heard the acronyms: SCADA, ICS, IACS, DCS, PCS, CI. You’ve caught the catchphrases: air-gap defense, critical infrastructure, cyber war, advanced persistent threat. So what do these all mean?