It is with a heavy heart that we at ARC recognize the passing of cybersecurity pioneer Michael Assante. Mike was one of the first people to really bring the critical issue of ICS cybersecurity to the forefront. If you are in the automation business, you probably read about the Idaho National Laboratory Aurora Generator Test in 2007 that demonstrated the vulnerability of electric power generators, proving that critical infrastructure assets in the physical world can be destroyed through a cyber-attack. This was Mike’s brainchild, and it is just one of the countless contributions he made to the world of cybersecurity.
A Naval intelligence officer, Mike later served as Vice President and CSO at American Electric Power, the first CSO at NERC, co-founder of NexDefense, and a member of the board of the Center for Internet Security. Since 2013, Mike was Director of Critical Infrastructure & ICS/SCADA Security at SANS Institute and participated in our ARC Industry Forum in this capacity. Mike also testified before the US Senate and House and was an initial member of the Commission on Cyber Security for the 44th Presidency.
Mike had a close relationship with other pioneers in the industry like Robert M. Lee, Marty Edwards, Tim Conway, and others. Mike raised awareness about the critical importance of ICS cybersecurity in a time when many people literally laughed at the idea that a cyber-attack could ever be considered an issue. As Robert M. Lee points out in his very well written goodbye to his close friend, Mike truly believed that we could make the world a safer place, and we should all honor that legacy. As Mike said in his last message to the SANS ICS message board, “Continue your hard work and be confident that it is noble to protect infrastructures and your organizations' value. Your work is more important than most organizations understand, but we continue in it out of a sense of duty and passion.”
If you want to watch Mike speak, I recommend this excellent presentation on the Ukrainian power grid hack from 2016. It's more relevant now than ever.
Very nice tribute, Larry. I get a nostalgic sense of loss sometimes for the "old days" of the Internet when the idea of a cyber attack really WAS laughable (was that before 1988?). Regardless, we can't go back to that era of an almost academic Internet, and the reason we can't is because the net has succeeded and become absolutely critical global infrastructure...and therefore has become weaponized and politicized as well.