What is a control system cyber incident – BP Oil Spill misunderstanding

Aug. 1, 2010

I made the assumption (you know what that means) that people understood what a control system cyber incident was when I wrote Friday's blog on the BP oil spill. The following is a response from a technology writer about the blog: “Yeah, the old BSOD (blue screen of death), eh? We wrote about this last week”.  A control system cyber incident as defined by NIST is electronic communications between systems that affects Confidentiality, Integrity, or Availability.  BSOD in the ICS world happens all too frequently, but is not by itself a control system cyber incident.

I made the assumption (you know what that means) that people understood what a control system cyber incident was when I wrote Friday's blog on the BP oil spill. The following is a response from a technology writer about the blog: “Yeah, the old BSOD (blue screen of death), eh? We wrote about this last week”.  A control system cyber incident as defined by NIST is electronic communications between systems that affects Confidentiality, Integrity, or Availability.  BSOD in the ICS world happens all too frequently, but is not by itself a control system cyber incident. What is more important is that this is the fourth ICS cyber incident that has killed people - and they are all similar (see Friday's blog). However, this is the FIRST Windows case!!!! The other three ICS cyber incidents that killed people had nothing to do with Windows nor was the Aurora demonstration that destroyed a diesel generator.  Unfortunately, the gap in ICS cyber security understanding is still vast and a reason for the book and the Conference.
Joe Weiss