April 9th, 2015, the California Public Utilities Commission fined Pacific Gas & Electric (PG&E) $1.6 BILLION for the September 2010 San Bruno natural gas pipeline rupture that killed 8 and destroyed a neighborhood (there are also 28 federal criminal charges and numerous other fines and penalties).
Engineers are smarter than the average bear. They know a lot about a lot of things. EEs, ChemEs, MEs know a lot about a lot of different things, but here are 15 things they all know--complete with pictures.
The general discussions on control system cyber incidents focus on the lack of documented incidents. The lack of documented incidents is generally due to lack of appropriate diagnostics and/or lack of appropriate training to identify the incidents as cyber. The following article provides a good discussion about the subject: http://www.csmonitor.com/World/Passcode/2015/0323/How-cyberattacks-can-be-overlooked-in-America-s-most-critical-sectors
March 12, 2015, DHS’s ICS-CERT issued the ICS CERT Monitor report that identified 245 total incidents in 2014. It is not clear how many of the control system incidents actually affected facility reliability and/or safety.
The power of the PID largely remains untapped. I have recently documented the extensive capability of the PID but being a realist, I expect MPC is going to take over more and more of the role of the PID.
The 2015 (15th) ICS Cyber Security Conference will be held October 26-29 at the Georgia Tech Hotel and Convention Center in Atlanta. As with previous ICS Cyber Security Conferences, the agenda will not be complete until shortly before the conference to accommodate the most current issues and findings. There will be...
The National Association of Insurance Commissioners (NAIC) issued "Principles for Effective Cyber Security Insurance Regulatory Guidance". The NAIC principles effectively focus on data breach. However, data breach is not a significant issue for ICS cyber security. ICS cyber impacts need to be considered.
Interesting question. You can’t just walk away from it, especially nowadays, between regulations, environmental questions, liability concerns, p.r. “optics,” volatile oil prices and Lord knows what else. But decommissioning it is no simple matter either.
Based on the Advisen and other meetings I have attended, there is little understanding of control system cyber security by the insurance industry. I believe the insurance industry is very important for improving control system cyber security as they can provide both carrot (lower premiums) and stick (higher premiums or...