Cyber Incident vs Cyber Attack - does it matter?

Dec. 13, 2009

Subsequent to a conference last week in Washington, the story “Cyberattacks Against Critical U.S. Networks Rising at a Faster Rate” has generated comments pro and con on the SCADASec listserver. Basically, the arguments (can’t say discussions) concern whether they are cyber attacks or cyber incidents and, if they are only cyber incidents, why care. I am attaching my comments.
There are two major points that need to be addressed and they are major differences between the IT and control systems communities.

- The numbers are real and demonstrate a trend, but are statistically insignificant. Hopefully, the RISI data (which is consistent with mine) indicates more people are looking, because with industry initiatives such as Smart Grid and NERC CIP compliance, there will be MORE control system cyber incidents. What should be understood is that the numbers prove control system cyber incidents are real, can cause real problems, and need to be addressed. At best, there are minimal control system cyber forensics (the lack of control system cyber forensics was specifically discussed at the October ACS Control System Cyber Security Conference) and very little expertise to identify an event as cyber (discussed at the DHS ICSJWG Conference) - we won’t know the incident was cyber. There is a reticence to identify an incident as cyber because of the extra work and the spotlight it shines on the organization and individuals who report it – no good deed goes unpunished.
- Unlike IT, it doesn’t have to be an intentional cyber attack or even a virus or worm to cause significant PHYSICAL impacts. Examples of control system cyber incidents are Bellingham and DC Metro, which killed people - isn’t that significant? Browns Ferry and Hatch shut down nuclear power plants, costing millions of dollars and affecting the reliability of the electric grid – isn’t that significant? In most cases, unintentional cyber incidents could be intentionally caused, significantly exacerbating the impacts. Consequently, it is very important to address these incidents. These incidents are not tripping on cords, and it does not serve anybody or any cause to be so flippant.
Joe Weiss
