This weekend a reader over on Substack, Robots and Chips, left three comments (here, here, and here) on two of my blog posts (here and here) about CISA vulnerability advisories. They draw some interesting conclusions about how these vulnerabilities provide a window into cybersecurity problems with the energy sector. While I generally try to avoid drawing general conclusions from isolated advisories, the insights here deserve consideration and discussion.
I would, however, like to make one observation; I have seen
very few of these energy sector related vulnerabilities show up in CISA’s Known
Exploited Vulnerabilities catalog. That may just be a reporting anomaly (the
KEV catalog is, after all, focused on problems potentially affecting federal
systems), or a failure to report exploits by that sector, but I suspect that
the overall cybersecurity posture of the major components of the electric grid
may have something to do with that. But that is an outsider’s perspective, my
knowledge of the grid does not extend much beyond being able to identify the GA
Power distribution substation down at the end of my block.
Posts
No comments:
Post a Comment