Cybersecurity policies require that cyber incidents be identified as such. Cyber incident response plans are then initiated after incidents are identified as being cyber-related. To meet those goals, training is required to be able to identify control system incidents as being cyber-related and a mechanism to disseminate this information on control system cyber incidents throughout […]
Category: Critical Infrastructure
Inverter setting mismatch triggers 1GW HVDC outage between Estonia and Finland
In January 2026, a technical incident occurred in Estonia during testing of the new 100MW Hertz 1 (Kiisa) battery energy storage system (BESS). The event triggered protective relays, resulting in the emergency shutdown of over 1GW of HVDC capacity, specifically the EstLink 1 and EstLink 2 interconnectors. The root cause was an incorrect parameter configuration […]
Medical device control system cyber incidents have injured and killed people
Cyber incidents are electronic communication between systems, or between systems and people (as when users interact with displays), that can affect the traditional IT triad of C, I, or A. Cyber incidents can be unintentional or malicious. Medical device control system cyber incidents are more prevalent than has been thought.From the December 2025 issue of IEEE […]
The need for appropriate Purdue Reference Model Level 0 cybersecurity training
I expected by now there would be commercial and government organizations addressing the unique cybersecurity issues at Level 0. They are not. This disconnect highlights a fundamental problem: much of today’s OT cybersecurity training assumes a security posture at Level 0 that simply does not exist. That is, just because Level 0 devices are not […]
Cybersecurity regulations assume a security posture for Level 0 devices that do not exist
An unjustified assumption underlies the cybersecurity of manufacturing and industrial processes. You can’t be cybersecure or safe if you can’t trust your measurements. The lack of embedded cybersecurity in Level 0 devices forces a fundamental reexamination of current regulatory frameworks such as NERC CIP, ISA/IEC 62443-4-2, NIST SP 800-82, API, AWWA, NIS2, CRA, KRITIS, NEI-0809, […]
After more than 18 years, Aurora is still an existential threat to critical infrastructures
Control system hardware cybersecurity issues continue to be out of the cybersecurity mainstream. Protective relay issues are an example where there are hardware cyber issues that cannot be detected by network security monitoring. These issues include manipulating registers in the relays and remotely opening and closing the relays. Aurora incidents are a good example of […]
Recollections from 9/11
The week of 9/11, I was in Houston along with 40,000 others for the ISA Expo. On 9/9 I was made an ISA Fellow. On 9/10, we held two sessions on CONTROL SYSTEM (there was no such term as OT at the time) cybersecurity that were well attended by the engineers with minimal IT attendance […]
What have we learned since Stuxnet – when it comes to control system cyber security not much
For SCADASec Fifteen years ago, I wrote the blog – “Malicious vs unintentional cyber incidents – why it is necessary to include unintentional incidents” This blog was written weeks before Stuxnet and its impact on control systems and centrifuge damage were made public. Stuxnet demonstrated that cyberattacks could be made to look like equipment malfunctions […]
NERC Sensors
The fallacy that the electric grid is cybersecure by meeting the NERC CIPs is finally being exposed. Situational awareness is based on process sensor input that is incorrectly assumed to be uncompromised, authenticated, and correct. Because process sensors use non-routable protocols, they have not been considered to be NERC Cyber Assets. Depending on the situation, […]
Network tabletop exercises don’t include engineering and plant operations
If engineering and operations are left out of cybersecurity training and exercises, it’s no surprise that they’d also tend to be overlooked during the pressure of an actual incident. The complexity in manufacturing and industrial control systems is not understood by network security. Simply restarting IT and OT networks from a “golden backup” is not […]