Cyber threats and cyber-physical systems, and impacts for APAC

Tim serves as the Technical Director – ICS and SCADA programs at SANS, and is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Additionally, performing contract and consulting work in the areas of ICS cybersecurity with a focus on energy environments.

A recognized leader in CIP operations, he formerly served as the Director of CIP (Critical Infrastructure Protection) Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO) and was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Recognizing the need for ICS-focused cyber security training throughout critical infrastructure environments and an increased need for NERC CIP hands-on training, Tim authored and instructs the ICS curriculum’s newest course ICS456 – Essentials for NERC Critical Infrastructure Protection.

Outside of SANS, Tim continues to perform contract and consulting work in the areas of ICS cyber security with a focus on the energy sector.

Before accepting the opportunity to join SANS, Tim enjoyed a 15-year career with NIPSCO (Northern Indiana Public Service Company) – one of Indiana’s largest natural gas and electric companies in the state, where he held management and leadership positions as well as EMS Computer Systems Engineer responsibilities over the control system servers and the supporting network infrastructure.

During his career, Tim has served as the Chair of the RFC CIPC, Chair of the NERC CIP Interpretation Drafting Team, Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

In this interview held on-site at the SANS ICS APAC Summit and Training 2022, Tim shares his insights on the developments in ICS (Industrial Control Systems).

He starts by explaining the evolution of the term “ICS” into “cyber-physical” – from “data-at-rest, data-in-use, data-in-motion” perspective to one where “data that does something, data that means something,” or in other words, data that has a “kinetic component,” a “physics component.”

Viewed this way, cyber-physical systems could be large scale, like SCADA covering multiple states, or could be on a plant floor distributed control system, could be individual PLCs, or the IIoT (Industrial Internet of Things) which are “using small edge devices to control parts of buildings, or SMART cities or transportation.”

Tim also gives an update on the threat landscape in cyber-physical systems and how intellectual property/data theft has evolved to process manipulation. The latest is the recently discovered malware – “Pipedream,” where the modularity of the malware framework is a “force multiplier.” By piecing different malicious components, he explains that threat actors can achieve their goals without knowing their specific environments – and also across multiple sectors.

Besides the evolving threat landscape, Tim also touches on varied levels of digital adoption in the cyber-physical environment across sectors means that the SANS courses are necessarily developed for professionals coming from a variety of experiences and cover legacy, existing, and new environments.

Depending on the complexities of the infrastructure specific to the country, Tim also shares his perspectives on differing priorities and approaches when it comes to cyber protection.

Recorded on 21st November 2022, 3pm, Grand Copthorne Hotel, Singapore.