The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

Joseph Weiss's picture
Managing Partner Applied Control Solutions

40+ years in industrial instrumentation controls, and automation 20+ years in cyber security of industrial control systems Authored Protecting Industrial Control Systems from Electronic Threats...

  • Member since 2020
  • 52 items added with 36,198 views
  • Jul 20, 2022
  • 357 views

July 11, 2022, the BBC published an article, “Predatory Sparrow: Who are the hackers who say they started a fire in Iran?” The article states that it's extremely rare for hackers to cause damage in the physical world. But according to the BBC article, a cyberattack on a steel mill in Iran was a kinetic cyberattack meant to cause physical damage. The article goes on to state that the 2010 Stuxnet attack is one of the few - if not the only known - example of a cyber-attack causing physical damage. This statement is often made because of a common view that cyber threats are largely confined to IP network attacks meant to steal data, cause denial-of-service, or hold data for ransom. However, kinetic attacks are meant to cause physical and/or environmental damage. Kinetic cyberattacks have occurred since at least 2000, and possibly since the early 1980s. The threat actors who conducted these attacks have demonstrated significant knowledge and sophistication about the control systems and what it takes to damage the physical processes. The common threads among these kinetic cyberattacks are they are often identified as equipment malfunctions and can take a substantial amount of time before they are identified as being cyber-related because there are neither cyber forensics at the control system device layer nor training for the engineers to recognize what could be malicious cyberattacks versus equipment malfunctions. Trying to identify or prevent kinetic cyberattacks requires knowledge beyond just OT network security. The lack of cyber security inherent in the control system devices and networks requires expertise in OT network security, domain knowledge of the systems, and control system device security. Discounting kinetic cyberattacks is done at your peril.

Joseph Weiss's picture
Thank Joseph for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »