Unintentional ICS cyber incidents can have a real cost

Sept. 24, 2012

A number of years ago I had a discussion about ICS cyber security with a colleague from a market-based generation company. His concern was that his plants had to respond to the dispatcher within a prescribed period of time (say 15-30 minutes) or the dispatcher would move on to the next generation unit. The potential economic impact could be huge - loss of direct revenue and a competitor's unit being dispatched instead. This brought up the thought that economics (competitive advantage) could be a driver in hacking their systems. In fact, it wouldn't even need to be a sophisticated hack of the control systems. A simple denial of service of the link between the dispatcher and the plant for more than 30 minutes would be all that was needed.

Fast forward to a real case that wasn't intentional but has a similar impact. A large peaking plant (most likely unmanned, meaning remote dispatch) was being paid to provide ancillary services (rapid dispatch response). There was an environmental event that led to the need to dispatch those units to prevent a brownout or blackout condition. For reasons not yet fully understood, not all of the units were able to respond to the dispatcher within the required time. As a result, the regulator is looking to fine the utility. Ironically, the fine is for lack of performance, not for lack of NERC CIP compliance, as these units are not NERC Critical Assets.

As best as I can tell (I haven't seen the field data yet), this is a classic unintentional ICS cyber incident. I have been asked to help provide the utility a basis for why they didn't know the control system didn't work as expected and why they couldn't see the control system not performing as designed. This subject will be discussed at the October ICS Conference (www.icscybersecurityconference.com).

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]
