Unintentional ICS cyber incidents can have a real cost

Sept. 24, 2012
A number of years ago I had a discussion about ICS cyber security with a colleague from a market-based generation company. His concern was that his plants had to respond to the dispatcher within a prescribed period of time (say 15-30 minutes) or the dispatcher would move on to the next generation unit. The potential economic impact could be huge - loss of direct revenue and a competitor's unit being dispatched instead. This brought up the thought that economics (competitive advantage) could be a driver in hacking their systems.

A number of years ago I had a discussion about ICS cyber security with a colleague from a market-based generation company. His concern was that his plants had to respond to the dispatcher within a prescribed period of time (say 15-30 minutes) or the dispatcher would move on to the next generation unit. The potential economic impact could be huge - loss of direct revenue and a competitor's unit being dispatched instead. This brought up the thought that economics (competitive advantage) could be a driver in hacking their systems. In fact, it wouldn't even need to be a sophisticated hack of the control systems. A simple denial of service of the link between the dispatcher and the plant for more than 30 minutes would be all that was needed.

Fast forward to a real case that wasn't intentional but has a similar impact. A large peaking plant (most likely unmanned meaning remote dispatch) was being paid to provide ancillary services (rapid dispatch response). There was an environmental event that led to the need to dispatch those units to prevent a brownout or blackout condition. For reasons not yet fully understood, not all of the units were able to respond to the dispatcher within the required time. As a result, the regulator is looking to fine the utility. Ironically, the fine is for lack of performance not for lack of NERC CIP compliance as these units are not NERC Critical Assets.

As best as I can tell (I haven't seen the field data yet), this is a classic unintentional ICS cyber incident. I have been asked to help provide the utility a basis for why they didn't know the control system didn't work as expected and why they couldn't see the control system not performing as designed. This subject will be discussed at the October ICS Conference (www.icscybersecurityconference.com).

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.