Another ICS cyber incident with a fatality

According to NIST, the definition of a cyber incident is electronic communications between systems that affects Confidentiality (C), Integrity (I), or Availability (A). The NIST definition does not require a cyber incident to be malicious. January 12, 2015 DC Metro experienced a fire that resulted in a fatality. On February 17, 2015, the Washington Post published an article titled: Metro knew smoke-emergency system had problems before fatal incident.Just like the SCADA system affected during the 2003 Northeast Outage had known software issues, DC Metro was aware its computers and fan ventilation systems for dealing with smoke in tunnels needed to be modernized. The National Transportation Safety Board said the tunnel calamity, near the L’Enfant Plaza station, was exacerbated by DC Metro’s inability to quickly identify the origin point of the smoke then activating two sets of tunnel ventilation fans at cross-purposes, pulling the smoke toward the train instead of pushing it away. These issues led directly to the smoke inhalation problems and the associated fatality.

There are several issues that are apparent and continue to recur:

-        The event was not recognized as an ICS cyber incident, therefore, no information sharing

-        It involved ICSs with known issues like many previous ICS cyber incidents

-        Even though it was unintentional, it could have been caused maliciously and would not have been identified as cyber

Joe Weiss