Hunderfossen dam in the Lagen river close to the Norwegian town Lillehammer

Misguided response to the Norwegian Dam and Oldsmar “cyberattacks”

July 9, 2025
The challenges in distinguishing control system cyber incidents from accidents and the need for discernment in identifying cyber-related incidents

In its haste to find operational technology (OT) cyberattacks, the OT cybersecurity community, including regulators, continues to jump to conclusions about what OT cyberattacks are while at the same time ignoring incidents that don’t look like the cyber incidents it is used to seeing.

Not everything that looks like a cyberattack is necessarily a cyberattack. Accidents and mistakes can easily be taken for cyberattacks. Two incidents, one from a few years ago, and one that’s currently unfolding, show the difficulty of distinguishing among these alternatives.

Specifically, the OT cybersecurity community reacted similarly to both the April 2025 Norwegian Dam and the February 2021 Oldsmar, Florida “cyber” incidents. Cyber-vulnerable OT systems were involved in both cases. However, legacy control system devices often have no cyber forensic capabilities.

Consequently, it may be difficult to determine whether the control system devices were maliciously or unintentionally compromised. In both Norway and Florida, there were unproven connections between the cyber-vulnerable OT systems and subsequent “system glitches.” In both cases, the OT security community went viral with claims that these were cyberattacks. Yet the OT cybersecurity community is silent about a control system cyber-related incident that caused a dam failure that dumped more than a billion gallons of water.

According to reports on the Norwegian Dam,

“Officials believe the hack took place because of a weak password for the valve's web-accessible control panels. It's unclear if putting the valve at full capacity was intentional or not.”

The Oldsmar, Florida, water-treatment incident turned out to be a user error that increased the lye concentration value, and not a cyberattack that intentionally changed the value. Yet the Oldsmar case is still prominently featured on many OT cybersecurity vendor websites.


Even as OT network cyberattacks continue to occur, so do control system cyber incidents. These real control system incidents cause physical impacts but are often not identified as being cyber-related. For example, a city had its water system compromised when the SCADA system erroneously manipulated a valve, resulting in the flooding of parts of the city (this resembles the Norwegian dam case). No alarms were initiated during this control system cyber incident, but it is not clear if the incident was an “unintentional glitch” or a hack like the Russian cyberattack against the Muleshoe, Texas, water system, as the impacts were quite similar.

There are hundreds of similar cases in multiple industries that were not identified as being cyber incidents but as being glitches. Consequently, the cybersecurity community is not aware of these cases because a Google search on the word “cyber” will not identify these cases.

Summary

Not all control system cyber incidents are malicious cyberattacks. They can be accidents or errors, too. The misguided identification of OT glitches as cyberattacks, combined with the inability to identify control system incidents as being cyber-related, is becoming more dangerous. There is a need for training in how to identify a control system cyber incident as being cyber-related, as millions have already occurred. Some discernment, and the forensics to support that discernment, is clearly in order.

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity.
