DC Metro – Part 2

Aug. 27, 2009

On June 29th, I wrote following blog:

"

On June 29th, I wrote following blog:
In the control systems community, the primary focus is on safety and reliability while the most frequent cyber risks are unintentional.  As Walt Boyes phrases it, the control systems community needs to focus on functional security. Functional security addresses the ability of systems to perform their functions in the face of intentional or unintentional cyber threats while assuring fail-safe operation. Functional security requires not just control systems domain expertise, but looking at system design and policies from a different perspective.  The lack of functional security has led to control system cyber incidents in electric, water, oil/gas, chemicals, and transportation including several with fatalities. Air France (aircraft) and the Washington DC Metro (rail rapid transit) apparently involved cyber control system failures; the Olympic Pipeline Company – Bellingham (gasoline pipeline) did suffer from cyber control system failures.

Common issues in Air France, DC Metro, and Olympic were:
- Reliance on remote (automated) system control
- Previously failures with control systems and components
- Logic that did not provide for “fail-safe” conditions
- Violation of the NIST Confidentiality/Integrity/Availability criteria

Modern communications and control system technologies are making systems more productive, but are reducing robustness. Many control system cyber incidents did not violate IT security policies as they were control system design or operation issues. And, yes, they could have been intentionally caused. The Smart Grid will further blur the lines between IT and control systems making functional security even more important. However, control system domain expertise is lacking. It’s time to address functional security of control systems before more people die. 

August 25, I had an opportunity to speak with NTSB. After explaining the NIST definition of a cyber incident and what we have been finding to date, the NTSB engineer concurred this was a non-malicious control system cyber incident. Moreover, not only was there a lack of communications on the position of the train in the block, there was also a lack of appropriate alarms and actions taken on the alarms that did arise. This is very similar to other control system cyber incidents in electric power, water, pipelines, etc. That means there is at least one other commonality between Bellingham and DC Metro (and for that matter the Northeast Outage, the Florida Outage, etc) - operator confusion due to “inaccurate” operator displays.

The issue of functional security and fail-safes not being fail-safe will be a topic of discussion at the October Control System Cyber Security Conference.

Joe Weiss

Further reading: 
Metro Control System Fails Test Technology Should Have Averted Crash, http://www.washingtonpost.com/wp-dyn/content/article/2009/06/25/AR2009062501073.html

NTSB: Metro signal system didn't detect test train, http://www.washingtonpost.com/wp-dyn/content/article/2009/06/25/AR2009062500652.html

Metrorail Crash May Exemplify Automation Paradox
http://www.washingtonpost.com/wp-dyn/content/article/2009/06/28/AR2009062802481.html


Bellingham Control System Cyber Security Case Study, http://csrc.ncsl.nist.gov/groups/SMA/fisma/ics/documents/Bellingham_Case_Study_report%2020Sep071.pdf

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...