Not all control system cyber incidents are malicious cyberattacks. They can be accidents or errors, too. In their haste to find OT cyberattacks, the OT cybersecurity community, including regulators, continue to jump to conclusions about what are OT cyberattacks while at the same time ignoring incidents that don’t look like cyber incidents they are used […]
Category: Dams
Observations from 2021 SANS ICS Cyber Security Conference
The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0,1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]
Why the NY Dam Incident Really Did Not Matter
Ray Park from the SCADASEC mailing list made this comment on 5-Apr-2016: Dams, other than major hydroelectric dams, are not a good target for hack attack. With most flood control and water reservoir dams, the only real control is the floodgates. We considered how to use that and the only thing we could come up […]
Iranian Hacker Used Google To Hack N.Y. Dam Computer
I have a bit of background I learned from primary sources with direct knowledge of the situation. First, this dam was not a life safety issue. It was for storm water management. The sluice gate was supposedly out of service at the time. However, even it had been in service, it could have gone up […]