Why information sharing doesn't work - SIGNIFICANT Control System Cyber Incident

    Jan. 3, 2012

    On December 30, 2011, the following note appeared on the Automation and Control Engineering Linked-in site of a significant incident in an overseas multi-unit power plant.  The DCS used in those units are similar to those used in many US

    On December 30, 2011, the following note appeared on the Automation and Control Engineering Linked-in site of a significant incident in an overseas multi-unit power plant.  The DCS used in those units are similar to those used in many US power plants. Consequently, I talked to a major US user of this DCS this morning and they were unaware of this incident.  As best as I can tell, there has been no discussion of this in any DHS site or the ICS CERT. Moreover, the vendor "suggested" the utility sanitize the disclosure.

    Complete DCS failure - loss of logic configurations

    "Recently in our coal-thermal power plant, two 500MW units of maxDNA DCS had a simultaneous complete loss of logics of all 214 processors (active and redundant included) leading to extremely dangerous plant conditions. The incident occurred when a faulty common domain ethernet switch was restarted. The incident repeated again after 3 days while reconnecting uplink communication of another common domain ethernet switch, leading to similar situation. With both units under safe shutdown, it was tested again and the complete failure occurred for a third time. All incidents happened while working on net-B; net-A was undisturbed and fully functional. Root cause analysis is still in progress by DCS supplier, no solution has been received yet. I request all to please share & discuss similar incidents."

    On January 2, the above note was taken down and replaced with the following on the same linked-in site:

    Loss of control in DCS/PLC processor due to communication overload

    "For a power plant control system based on DCS/PLC with redundant networks, would a broadcast storm / communication overload (in any or both networks) result in loss of all logic configurations in processor leading to complete loss of plant control? A possible cause of such an overload could be an unintentional loop of ethernet switches being formed.
    Note: This discussion is a purely hypothetical one with no reference to any specific DCS or PLC     system or supplier. I request impartial posts with no specific reference to names. Thank you."

    I am confused.

    Joe Weiss

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Businessman in recruitment concept with horseshoe magnet
    Source: MxD
    Figure 1: Steady streams of students and other visitors take in the digital and cybersecurity demonstrations at Manufacturing times Digital (MxD) institute, which provides participants with programs in digitalized tools, cybersecurity and workforce expertise.
    Two petrochemical workers inspecting pressure valves on a fuel tank

    Most Read

    Sponsored