Cyber Incident vs Cyber Attack - does it matter

Dec. 13, 2009

Subsequent to a conference last week in Washington, the story: “Cyberattacks Against Critical U.S. Networks Rising at a Faster Rate” has generated comments pro and con on the SCADASec listerver. Basically, the arguments (can’t say discussions) concern whether they are cyber attacks or cyber incidents and if they are only cyber incidents why care.  I am attaching my comments.
There are two major points that need to be addressed and they are major differences between the IT and control systems communities.

"

Subsequent to a conference last week in Washington, the story: “Cyberattacks Against Critical U.S. Networks Rising at a Faster Rate” has generated comments pro and con on the SCADASec listerver. Basically, the arguments (can’t say discussions) concern whether they are cyber attacks or cyber incidents and if they are only cyber incidents why care.  I am attaching my comments.
There are two major points that need to be addressed and they are major differences between the IT and control systems communities.
- The numbers are real, demonstrate a trend, but are statistically insignificant. Hopefully, the RISI data (which is consistent with mine) indicates more people are looking because with industry initiatives such as Smart Grid and NERC CIP compliance, there will be MORE control system cyber incidents. What should be understood are the numbers prove control system cyber incidents are real, can cause real problems, and need to be addressed. At best, there are minimal control system cyber forensics (the lack of control system cyber forensics was specifically discussed at the October ACS Control System Cyber Security Conference) and very little expertise to identify an event as cyber (discussed at the DHS ICSJWG Conference) - we won’t know the incident was cyber. There is a reticence to identify an incident as cyber because of the extra work and spotlight it shines on the organization and individuals who report it – no good deed goes unpunished.
- Unlike IT, it doesn’t have to be an intentional cyber attack or even a virus or worm to cause significant PHYSICAL impacts. Examples of control system cyber incidents are Bellingham and DC Metro that killed people - isn’t that significant; Browns Ferry and Hatch shut down nuclear power plants costing millions of dollars and affecting the reliability of the electric grid – isn’t that significant. In most cases, unintentional cyber incidents could be intentionally caused significantly exacerbating the impacts. Consequently, it is very important to address these incidents.  These incidents are not tripping on cords and it does not serve anybody or any cause to be so flippant.
Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...