Lightbulbs Slowly Going On over Control System “Cyber Incidents”

April 14, 2008
I had a meeting Wednesday morning with an IEEE standards committee on cyber security of substation devices. Following that, Marshall Abrams from MITRE and I gave a presentation at RSA, which is billed as the world’s largest cyber security conference. I then gave a presentation at a major control system users’ group meeting.

There were several other presentations at RSA on the subject of “SCADA security.” In one of the panel sessions, there was a discussion about media hype and how it is hurting the process by jading management. Following that concern, a presentation was made about how easy it was to hack the grid. It certainly succeeded in getting media hype on an approach that is dubious at best in terms of doing any damage to control systems.

As to the three meetings I attended, the reactions at all three were remarkably similar. To start with, there was a lack of appreciation of how real the problem really was. There was also a lack of understanding by the IT community of the uniquenesses of these systems and why solutions need to be tailored to these systems. More importantly, the “light started going on” with several knowledgeable control system engineers as to what was actually meant by the term “cyber incident.” Once it was explained that a cyber incident means an impact on confidentiality, integrity or availability, and not just an intentional attack, several people came forward to say they had experienced problems (cyber incidents) resulting in system downtime in substations, power plants and chemical plants.

My database is increasing and the need for discussions on preventing these types of events is growing more urgent. Consequently, there will be significant discussions on actual cases at the August Cyber Security Conference in Chicago.