Keynote at EnergyTech –control system cyber incidents continue to occur

October 23, 2018, I gave the keynote at EnergyTech in Cleveland (attached is the Cleveland Plain Dealer’s article on my presentation -https://www.cleveland.com/business/index.ssf/2018/10/electrical_grid_power_plants_p.html). The presentation includes a list of a recent control system cyber incidents. I do this because there are myriad discussions about the increasing number of network vulnerabilities such as Spectra/Meltdown, various vulnerabilities, various botnets, etc., but very little about actual incidents except those that are public such as Trisis. My list included GPS hacks affecting ships, a cyber attack causing a loss of power to many US customers, data center hacks damaging equipment and shutting down the data centers, the Triconix safety system hack (Trisis) and resultant plant shutdown, and Russian ransomware affecting access to grid equipment in a US utility. There were also many non-malicious cases including loss of SCADA monitoring and control, loss of Remote Terminal Unit (RTU) communications, loss of control of a robotic arm in a manufacturing line, shutdown of a gas pipeline from database updates, and the Massachusetts natural gas pipeline rupture. My list of actual control system cyber incidents is now almost 1,100 with more than 1,000 deaths, and more than $60Billion in direct damage. Unfortunately, there is still very little control system cyber forensics or training for the control system engineers to identify these types of incidents.  My rhetorical questions are with all of the OT technology solutions and training, why do these incidents continue to occur and why aren’t they being publicly identified?

Joe Weiss