Why information sharing doesn't work - SIGNIFICANT Control System Cyber Incident
Jan. 3, 2012
On December 30, 2011, the following note appeared on the Automation and Control Engineering Linked-in site of a significant incident in an overseas multi-unit power plant. The DCS used in those units are similar to those used in many US
On December 30, 2011, the following note appeared on the Automation and Control Engineering Linked-in site of a significant incident in an overseas multi-unit power plant. The DCS used in those units are similar to those used in many US power plants. Consequently, I talked to a major US user of this DCS this morning and they were unaware of this incident. As best as I can tell, there has been no discussion of this in any DHS site or the ICS CERT. Moreover, the vendor "suggested" the utility sanitize the disclosure.
Complete DCS failure - loss of logic configurations
"Recently in our coal-thermal power plant, two 500MW units of maxDNA DCS had a simultaneous complete loss of logics of all 214 processors (active and redundant included) leading to extremely dangerous plant conditions. The incident occurred when a faulty common domain ethernet switch was restarted. The incident repeated again after 3 days while reconnecting uplink communication of another common domain ethernet switch, leading to similar situation. With both units under safe shutdown, it was tested again and the complete failure occurred for a third time. All incidents happened while working on net-B; net-A was undisturbed and fully functional. Root cause analysis is still in progress by DCS supplier, no solution has been received yet. I request all to please share & discuss similar incidents."
On January 2, the above note was taken down and replaced with the following on the same linked-in site:
Loss of control in DCS/PLC processor due to communication overload
"For a power plant control system based on DCS/PLC with redundant networks, would a broadcast storm / communication overload (in any or both networks) result in loss of all logic configurations in processor leading to complete loss of plant control? A possible cause of such an overload could be an unintentional loop of ethernet switches being formed. Note: This discussion is a purely hypothetical one with no reference to any specific DCS or PLC system or supplier. I request impartial posts with no specific reference to names. Thank you."
