The February 2012 ICS-CERT Monthly Monitor has an article on a state government building that had their HVAC hacked. According to ICS-CERT, in January, ICS-CERT identified and responded to a cyber intrusion into a building Energy Management System (EMS) used to control heating and
cooling for a state government facility. Facility personnel reported to ICS-CERT that they had discovered unauthorized adjustments to the EMS control settings that had resulted in unusually warm temperatures in the facility. Concerned about this anomalous activity, quick thinking personnel had reset the system settings to normal values and had adjusted the configuration to remove the Internet accessibility. ICS-CERT analyzed the provided telemetry data and access logs and determined that temperature set points had been changed by an unauthorized user via the Internet accessible interface. Someone had gained access to this system despite the remote logon configuration requiring a password.
Compare that to an incident that occurred in late December where a two-unit power plant lost
the logic in ALL 200+ plant distributed control system (DCS) processors with the plant at power with resultant physical damage. Isn't that more important?
Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]
