OT cyber monitoring is not sufficient to identify many significant control system cyber incidents
A major news organization contacted me about my control system cyber incident database. I have been very clear that the database is not public, but that I could provide sanitized information. Until now, that was not sufficient to get media interest, as reporters wanted names. Since this news organization was willing to go without names, I provided sanitized summaries of 20 actual cases.

I chose a combination of cases representing domestic and international incidents, unintentional and malicious causes, multiple industries (power, water, pipelines, transportation, etc.), and various levels of impact (business disruption, major environmental spills, major blackouts, catastrophic failures including deaths, etc.).

An important finding was that many of these cases would NOT have been detected by OT network monitoring, because they were control system cyber incidents rather than network incidents. This is a clarion call for training control system engineers to question, when incidents happen, whether they could be cyber-related. This becomes very important because sophisticated hackers can, and have, made cyber attacks look like equipment malfunctions.
Joe Weiss