A recent NERC Lessons Learned event discussed where a combined cycle power plant in Florida suffered significant load oscillations because a sensor provided erroneous input to the steam turbine controller. The controller reacted by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the […]
Category: Critical Infrastructure
TSA cyber security requirements are still not addressing control system-unique issues
The new TSA cyber security requirements developed based on the Colonial Pipeline event will require timely identification and notification of cyberattacks. There have been more than 50 control system cyber incidents in natural gas and liquid pipeline systems yet only the Colonial Pipeline incident has been identified as being a cyber incident (cyberattack). Detecting cyberattacks […]
Food Security magazine interview – Cyberattacks: What food processors won’t talk about
With the concerns being voiced about the need for critical infrastructure cyber security in electric, water (Oldsmar), and energy (Colonial Pipelines), I have seen little discussion about the food sector which has no cyber security requirements for the control systems used in the food manufacturing process (Food Safety Management Act). Consequently, March 14, 2021 I […]
The Colonial Pipeline cyberattack – Did IT/OT convergence contribute to the attack
After having done the analysis of the Bellingham, WA Olympic Pipeline rupture that killed 3 people for NIST, I expected the Colonial Pipeline hack to be an OT incident affecting the SCADA system and potentially causing pipe leaks or pipe ruptures. However, that does not appear to be the issue in this case. Darkside’s malware […]
Control system cyber incidents are much more plentiful than people realize
Control systems are systems of systems. Consequently, when one device or system is compromised, it can impact many others, potentially numbered in the tens to thousands. If I were to have counted all of the individual cases, my database would have almost 12 million control system cyber incidents. The insurance industry and credit rating agencies […]
Are your buildings and cloud cyber secure?
Many data centers that support the cloud as well as commercial buildings have not adequately addressed control system cyber security. The lack of adequately addressing building control system cyber security was demonstrated to have caused very significant financial and potentially safety impacts. When you consider these control system cyber threats can affect multiple buildings, the […]
A Reality Check of the DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System
I am happy to see ICS cyber security specifically being addressed by the US Secretary of Energy. It is “unobtainium” to secure the electric system, or any other industry which uses the same equipment, within 100 days even though there can be a good start. Network cyber threat prevention and situational awareness can be employed […]
Enough About Data Breaches. Let’s Talk About OT Security – TAG Cyber
Tag Cyber moderated a roundtable discussion with Mark Weatherford and me on control system cybersecurity. The discussion was why operational technology (OT) is woefully neglected—and what can be done to change that. This discussion becomes even more timely with the recent DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System. The roundtable […]
Was the Ever Given hacked in the Suez Canal?
This blog is speculative as there is little public information about what caused the Ever Given to run aground in the Suez Canal. I find it curious that a newer ship could have had the technical problems (which could have been caused by a cyberattack) at just the time the ship could entirely block the […]
Data center cybersecurity – don’t overlook the cyber vulnerable building control systems
According to many people, data is the new oil. Industries such as insurance, finance, retail, etc. depend on massive amounts of data from multiple data centers. However, what happens if you can’t get to your data because the data center infrastructure or servers have been damaged and are unusable? Data is merely a series of […]