The cost of a non-malicious control system cyber incident – more than $1Billion

April 13, 2015

April 9th, 2015, the California Public Utilities Commission fined Pacific Gas & Electric (PG&E) $1.6 BILLION for the September 2010 San Bruno natural gas pipeline rupture that killed 8 and destroyed a neighborhood (there are also 28 federal criminal charges and numerous other fines and penalties). This was not a malicious cyber attack but an unintentional control system cyber incident.

There is a tendency by many in the cyber security community to only care about malicious cyber attacks as opposed to unintentional cyber incidents. April 9th, 2015, the California Public Utilities Commission fined Pacific Gas & Electric (PG&E) $1.6 BILLION for the September 2010 San Bruno natural gas pipeline rupture that killed 8 and destroyed a neighborhood (there are also 28 federal criminal charges and numerous other fines and penalties). This was not a malicious cyber attack but an unintentional control system cyber incident. The incident occurred following scheduled PG&E maintenance on the local SCADA system that resulted in the over-pressurization of a pipeline with a previously unknown weakness. As PG&E did not immediately have the locations of the required manual shut-off valves following the pipe rupture, PG&E has now installed more than 200 gas valves that can be controlled remotely. Remote shut-off valves increase the threat attack surface. Considering San Bruno was not the first pipeline rupture that was cyber-related, there is a need to consider cyber and physical security protections of all pipelines using remote-automated shut-off valves. This should include known cyber vulnerabilities that affect pipeline operations such as Aurora and appropriate control system cyber security policies and procedures.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...