An ICS cyber incident results in criminal convictions

Aug. 10, 2016

 An ICS cyber incident has resulted in the criminal conviction of PG&E on 6 criminal counts.

August 8, 2016, a federal jury found Pacific Gas and Electric (PG&E) guilty on five felony counts of failing to adequately inspect its gas pipelines before the blast that incinerated a neighborhood in San Bruno, CA. in September 2010. The utility was also found guilty of one count of misleading federal investigators about the standard it used to identify high-risk pipelines.

Why bring that up in this blog?  There were two ICS cyber aspects to the pipeline rupture. It was PG&E scheduled maintenance with the local SCADA system that resulted in the overpressure that burst the weak pipe. The second ICS cyber aspect was that the SCADA system was not able to identify the pipe rupture allowing gas to escape and create a fireball for almost an hour.

It should also be noted that the San Bruno natural gas pipeline rupture had many similar ICS cyber aspects to the 1999 Bellingham, WA gasoline pipeline rupture.

Joe Weiss