A case of misplaced ICS-CERT priorities - hack of building HVAC vs loss of logic of ALL DCS processors
The February 2012 ICS-CERT Monthly Monitor has an article on a state government building that had their HVAC hacked. According to ICS-CERT, in January, ICS-CERT identified and responded to a cyber intrusion into a building Energy Management System (EMS) used to control heating and cooling for a state government facility. Facility personnel reported to ICS-CERT that they had discovered unauthorized adjustments to the EMS control settings that had resulted in unusually warm temperatures in the facility. Concerned about this anomalous activity, quick thinking personnel had reset the system settings to normal values and had adjusted the configuration to remove the Internet accessibility. ICS-CERT analyzed the provided telemetry data and access logs and determined that temperature set points had been changed by an unauthorized user via the Internet accessible interface. Someone had gained access to this system despite the remote logon configuration requiring a password.
Compare that to an incident that occurred in late December where a two-unit power plant lost the logic in ALL 200+ plant distributed control system (DCS) processors with the plant at power with resultant physical damage. Isn't that more important?
Joe Weiss