Unintentional ICS cyber incidents can have a real cost

Sept. 24, 2012

A number of years ago I had a discussion about ICS cyber security with a colleague from a market-based generation company. His concern was that his plants had to respond to the dispatcher within a prescribed period of time (say 15-30 minutes) or the dispatcher would move on to the next generation unit. The potential economic impact could be huge - loss of direct revenue and a competitor's unit being dispatched instead. This brought up the thought that economics (competitive advantage) could be a driver in hacking their systems. In fact, it wouldn't even need to be a sophisticated hack of the control systems. A simple denial of service of the link between the dispatcher and the plant for more than 30 minutes would be all that was needed.

Fast forward to a real case that wasn't intentional but has a similar impact. A large peaking plant (most likely unmanned, meaning remote dispatch) was being paid to provide ancillary services (rapid dispatch response). There was an environmental event that led to the need to dispatch those units to prevent a brownout or blackout condition. For reasons not yet fully understood, not all of the units were able to respond to the dispatcher within the required time. As a result, the regulator is looking to fine the utility. Ironically, the fine is for lack of performance, not for lack of NERC CIP compliance, as these units are not NERC Critical Assets.

As best as I can tell (I haven't seen the field data yet), this is a classic unintentional ICS cyber incident. I have been asked to help provide the utility a basis for why they didn't know the control system didn't work as expected and why they couldn't see the control system not performing as designed. This subject will be discussed at the October ICS Conference (www.icscybersecurityconference.com).

Joe Weiss