Those readers who follow me on Twitter®, LinkeIn® or FaceBook® may have noticed last night that I have started a new writing project, Future ICS Security News. I am using this new platform to look at control system security from a slightly different perspective, what could happen with existing control system vulnerabilities.
I have been thinking about how to approach this project for about a year now. I had first thought of self-publishing a series of short-stories about control system security issues where the protagonists were involved with or affected by system hacks. I tried my hand at a couple, but they were a lot more work than I was willing to put into this project.
Because of the recent spate of news stories about ‘fake news’ in social media during the recent election cycle, I started thinking about doing this as a series of news stories about as-of-yet non-existent cyber-attacks on control systems. I tried my first one last night and was happy enough with the results to start a new ‘blog’ post on Google®, Future ICS Security News.
The first post, Local Student Arrested for Airline Incident, did not take much more time to write than a standard blog post. It was very loosely based upon an article I read about continuing work Ruben Santamarta has been doing with airline entertainment system vulnerabilities. Now my story has no technical details in it (because I don’t know any), so it takes a ‘what if?’ approach to looking at the problem. My answer to that question is my fault, not Rueben’s.
I really do like the fake news story approach. It lets me do a story with minimal character development or conversations (both story writing techniques that I find time consuming to do right) yet still look at potential control system security consequences. It also allows me to have a little fun with puns (watch names) and insider jokes.
I am not yet sure how often I will be doing new ‘news stories’. I’ll have to see what kind of reader response that I get and how often the story ideas strike me.
This will probably be the last time that I mention one of these stories here. I will be announcing the publication of each new story on Twitter, LinkedIn and Facebook. Feel free (PLEASE) to pass the links around; I would love for these stories to reach an audience outside of the control system security community. Maybe even have a congresscritter cite one during a debate in committee or even on the floor. Onion has managed that, why can’t I? (GRIN)