Control system cyber impacts are visible – lights go out, pipes leak or break, trains crash, planes crash, etc. However, it is often not evident that cyber played a role. Many times, sophisticated cyber attackers will make a cyberattack look like an equipment malfunction. There have been cyberattacks by Russia and China on US grids and other critical infrastructures. Because there are so few cyber forensics at the control system field device level and little cyber security training for the control system engineers, these cyber incidents and attacks often go unidentified as having been cyber-related. The lack of cyber security and authentication of control system field devices like process sensors make situational awareness suspect at best. This means the incident response capability may not be initiated when the incident was not identified as being a cyber incident. The culture gap between engineers and network security is alive and well exacerbating the problem. There have been more than 1,200 electric grid cyber incidents globally including 7 US cyber-related outages that affected at least 80,000 customers. Additionally, there have been grid cyber-related incidents in Europe, Asia, and South America that have affected millions of customers. It is evident that information sharing on control system cyber incidents is not working.
