Other important Issues besides Stuxnet

Sept. 27, 2010

I wanted to provide a capsule summary of several presentations I feel have compelling interest for what they mean to the big picture of ICS cyber security beyond Stuxnet. The Air Force provided a presentation on unintentional control system cyber incidents. The examples demonstrated unintentional cyber incidents can have significant system impacts costing hundreds of millions of dollars. If unintentional incidents can be of such consequence to the Air Force, shouldn’t it be to the ICS community especially considering most ICS cyber incidents are unintentional?

I wanted to provide a capsule summary of several presentations I feel have compelling interest for what they mean to the big picture of ICS cyber security beyond Stuxnet. The Air Force provided a presentation on unintentional control system cyber incidents. The examples demonstrated unintentional cyber incidents can have significant system impacts costing hundreds of millions of dollars. If unintentional incidents can be of such consequence to the Air Force, shouldn’t it be to the ICS community especially considering most ICS cyber incidents are unintentional? The other presentations with implications beyond cyber security concerned the unintended consequences of the NERC CIPs. As many people have recognized, the NERC CIPs have created a culture of compliance not security. This has resulted in the law of unintended consequences. Because of fear of compliance findings and lack of auditor knowledge, the grid is certainly less reliable and possibly less secure. There is certainly less innovation. Moreover, there have been utilities that have been penalized for trying to do more than the minimum since it didn’t meet the auditors' check lists.

I gave a short presentation at the NIST meeting on September 24th.  It was evident there was a lack of understanding by the IT community of the unique issues with ICSs.  Attempting to force fit IT policies onto ICSs can have unintended consequences.
Joe Weiss 

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...