Significant ICS cyber security incidents continue to occur – some without known causes

Jan. 2, 2013
In the IT community, a worst case scenario is denial-of-service. In the ICS community, a worst case scenario is loss of control/loss of view. Enclosed are some recent cases of loss of control/loss of view with four different major ICS suppliers, each without a known cause.


Almost a year ago, an international utility sent a LinkedIn note asking for help on a VERY significant ICS cyber incident: total loss of view and control of 2 large power plants during operation. The request was made because the utility could not get an acceptable response from their plant distributed control system (DCS) supplier (Vendor A) and wanted to know if anyone else had experienced a similar situation. At the October 2012 ICS Cyber Security Conference, another utility gave a presentation on an ICS cyber security incident during the commissioning of their new plant DCS. In this case, they also experienced loss of view and loss of control. Even with DCS vendor personnel on-site, they were not able to rectify the problem or get an explanation from their DCS vendor (Vendor B) as to what caused the incident. Another end-user sent a note asking for help because they experienced loss of view and loss of control of their ICS with the facility operating (Vendor C). Still another had a problem with their PC-based ICS (Vendor D), which was occasionally unable to see other PCs on the network and was losing communications with important field I/O.

There are a number of issues and observations:
- These are loss of view/loss of control incidents, not traditional denial-of-service
- Incidents were independent of any specific ICS vendor
- Lack of understanding of what caused the problems
- Lack of guidance on how to respond to these problems
- Lack of adequate response from the ICS suppliers
- Need to share information on very significant ICS cyber incidents


If any readers have had similar incidents, please contact me at [email protected]. I will keep all information confidential and would be willing to share the information I have collected on a "give to get" basis. We will discuss these issues at the next 2013 ICS Cyber Security Conference.
Joe Weiss
