A brief history of ICS Cyber Security

The November 2017 Issue of Control magazine had a section entitled “Serious cybersecurity sources”.  In it, they included Unfettered and mentioned it being 10 years old. This got me thinking about a timeline of important ICS cyber security first-of-a-kind events. As my database has identified more than 1,000 ICS cyber incidents, I have not included most of the incidents. There are obviously many other important events and I encourage others to fill those in:

1982

- Gasprom explosion - first nation-state “electronic” attack

1998

- PDD63 - critical infrastructure cyber security

- DOE vulnerability assessments provide initial findings of utility ICS cyber vulnerabilities

1999

- AGA Gas SCADA encryption program - identified cyber as a threat

2000

- EPRI Enterprise Infrastructure Security Program (ICS cyber security) - started ICS cyber security incident database to support EIS program

- Maroochyshire (Austrailia) - first publicly identified targeted ICS cyber attack with damage

2001

- NIST Process Controls Security Requirements Forum (PCSRF)

- 9/11 - changed ICS cyber security by effectively transferring ICS cyber security to IT

2002

- KEMA ICS Cyber Security Conference - first ICS cyber security conference (became ACS ICS Cyber Security Conference-“weisscon” in 2007 then became SecurityWeek ICS Cyber Security Conference in 2014)

- ISA99

- NERC CIP process

- Chemical sector cyber security team

2003

- First ISA 99 documents

- Slammer and Blaster worms affected many ICSs including Davis Besse nuclear plant

- NorthEast blackout (cyber-related)

2004

- INL SCADA Test Bed opens with ICS cyber hacking demonstration

- SCADA hack disables electric utility SCADA

2007

- Started Unfettered

- INL Aurora test

2010

- Book: Protecting Industrial Control Systems from Electronic Threats;

- Stuxnet discovered/ Ralph Langner presentation

2011

- NIST SP800-82

2012

- Project Shine findings report (identified ICSs connected to the Internet)

2014

- DHS declassified Aurora

2015

- DHS identifies BlackEnergy as being in US grids since 2014

2016

- National Academy of Science, Engineering, and Medicine keynote

2017

- Identification of lack of security of Level 0,1 devices (new ISA working group established)

Joe Weiss