Data center control system cyber incidents have shut down or damaged data centers operated by many different entities globally. August 30, 2023, a utility voltage sag tripped cooling units at the Microsoft Australia East Azure Data Center. When the voltage sag occurred, all five chillers in operation faulted and didn’t restart because the pumps did […]
Category: Electric
Hacking insecure process sensor systems may have affected the Chernobyl nuclear plant site
I am an engineer not a threat analyst. I can tell you what can happen to control systems from cyber vulnerabilities; I cannot tell you why someone would or would not want to exploit these vulnerabilities. My concerns are from a safety perspective as process sensors are used globally to monitor environmental conditions around industrial […]
NERC Cyber Security Incident Reporting Is Obscuring the Truth
The electric industry is recognized as the most critical of critical infrastructures. Consequently, one would expect that incident reporting would be important and trusted. Unfortunately, this is not occurring as can be seen by the discrepancies between the DOE OE-417 reporting and the NERC submittal to FERC. It is evident the DOE and NERC CIP […]
Regulatory gaps drive systemic under-reporting and poor situational awareness
Control system cyber impacts are visible – lights go out, pipes leak or break, trains crash, planes crash, etc. However, it is often not evident that cyber played a role. Many times, sophisticated cyber attackers will make a cyberattack look like an equipment malfunction. There have been cyberattacks by Russia and China on US grids […]
Process sensors are different than IOT and IIOT devices
December 2022, the US Government Accountability Office (GAO) issued Critical Infrastructure Actions Needed to Better Secure Internet-Connected Devices (GAO-23-105327). According to GAO, the scope of the report was governed by a legislative mandate in The Internet of Things Cybersecurity Improvement Act of 2020, which (along with conversations with GAO’s Congressional clients), which dictated the terms […]
More than 17 million dangerous control system cyber incidents are hidden in plain sight
Control system cyber incidents are plentiful (more than 17 million), dangerous, and mostly unidentified as being cyber-related Control system cyber incidents are more common and dangerous than most security specialists and industry leaders tend to believe. That requires some explanation. I have been amassing a database of control system cyber incidents since 2000 when I […]
Critical infrastructures cannot be secure when critical equipment isn’t
August 25, 2022, I received a call from an insurance specialty insurer who had received an Operational Technology (OT) Supplemental Application from a global control system supplier to the aerospace industry, industrial operations, and the US Department of Defense. I am personally aware of at least some of the company’s products because of their use […]
Utility/DOE data indicates sophisticated hackers have compromised US electric control centers
This is the utilities’ data and DOE analyzed it… and it was still missed DOE’s Form OE-417 collects information from the US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the […]
The survey results of the 2022 DNV energy cyber security report are grossly misleading
DNV published The Cyber Priority report, “The State of Cyber Security in the Energy Sector”. I believe the oil, gas, and chemical (not electric) industries are leading most industries addressing control system cyber security. The report states the research draws on a survey of 948 energy professionals and a series of in-depth interviews with industry […]
Critical infrastructure cyber security is broken – process sensors continue to be ignored
While no one would argue that network security isn’t important, it’s also important that the basic process sensor data that cross the OT network not be overlooked. Process sensors are necessary input for reliability, availability, safety, predictive maintenance, product quality, and cyber security. Yet process sensors have no cyber security and are connected to the […]