In the June 22nd issue of InformationWeek, the cover story is cyber security – What’s Your Appetite for Risk?. The focus was on intentional cyber attacks against the IT infrastructure. I wanted to focus on two charts. The first is What are the Primary Goals of Your Risk Management Initiative?. Just like the NERC CIPs, the top goal was “fulfilling regulatory compliance requirements”. The second chart is What would be the Potential Effects of Attacks?. Neither safety nor reliability were mentioned.
In the control systems community, the primary focus is on safety and reliability while the most frequent cyber risks are unintentional. As Walt Boyes phrases it, the control systems community needs to focus on functional security. Functional security addresses the ability of systems to perform their functions in the face of intentional or unintentional cyber threats while assuring fail-safe operation. Functional security requires not just control systems domain expertise, but looking at system design and policies from a different perspective. The lack of functional security has led to control system cyber incidents in electric, water, oil/gas, chemicals, and transportation including several with fatalities. Air France (aircraft) and the Washington DC Metro (rail rapid transit) apparently involved cyber control system failures; the Olympic Pipeline Company – Bellingham (gasoline pipeline) did suffer from cyber control system failures.
Common issues in Air France, DC Metro, and Olympic were:
- Reliance on remote (automated) system control
- Previously failures with control systems and components
- Logic that did not provide for “fail-safe” conditions
- Violation of the NIST Confidentiality/Integrity/Availability criteria
Modern communications and control system technologies are making systems more productive, but are reducing robustness. Many control system cyber incidents did not violate IT security policies as they were control system design or operation issues. And, yes, they could have been intentionally caused. The Smart Grid will further blur the lines between IT and control systems making functional security even more important. However, control system domain expertise is lacking. It’s time to address functional security of control systems before more people die.
Metro Control System Fails Test Technology Should Have Averted Crash, http://www.washingtonpost.com/wp-dyn/content/article/2009/06/25/AR2009062501073.html
NTSB: Metro signal system didn't detect test train, http://www.washingtonpost.com/wp-dyn/content/article/2009/06/25/AR2009062500652.html
Metrorail Crash May Exemplify Automation Paradox
Bellingham Control System Cyber Security Case Study, http://csrc.ncsl.nist.gov/groups/SMA/fisma/ics/documents/Bellingham_Case_Study_report%2020Sep071.pdf