Why are unintentional ICS cyber incidents important to address

Jan. 28, 2013
NIST defines a cyber incident to be communications between systems (or people and systems) that affect confidentiality, integrity, or availability. The NIST definition does not require an incident to be malicious to be defined as a cyber incident. There are several issues associated with unintentional cyber incidents:
- They can cause significant impacts. There have already been four unintentional control system cyber incidents in the US that caused major damage and killed people.
NIST defines a cyber incident to be communications between systems (or people and systems) that affect confidentiality, integrity, or availability. The NIST definition does not require an incident to be malicious to be defined as a cyber incident. There are several issues associated with unintentional cyber incidents:- They can cause significant impacts. There have already been four unintentional control system cyber incidents in the US that caused major damage and killed people.- It may not be possible to tell the difference between a malicious attack versus an unintentional incident. As an example, the only difference between 2008 Florida Outage being a malicious attack versus an unintentional incident was the motivation of the engineer in the substation in removing all equipment protection?- An unintentional incident can make a system less robust making it easier to attack

The following actual case best explains the situation: Engineers at a major brewery thought the company's bottling systems were secured until someone with access logged in and inadvertently changed a timer for a maintenance device on a bottle filler. It was supposed to squirt grease into the bearing every 20 minutes but was changed to once every 8 hours. The bearing soon froze. The line that filled 1,200 bottles/minute ground to a halt creating a $100,000 loss. The plant engineer stated: "With well-intentioned engineers monkeying around in the automation system, who needs terrorists or disgruntled employees?"

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.