Control system cyber incidents are more plentiful and impactful than most observers expect – more than 17 million directly resulting in more than 34,000 deaths. While there have been more than 1,200 electric grid cyber-related incidents, that doesn’t adequately reflect the true impact on customers and the economy. The majority of the 17 million-plus control system cyber incidents were malicious not unintentional.
By number of incidents, most of the control system cyber incidents were engineering-based attacks used to camouflage a deficiency in the design of the product or to cause physical damage.
These attacks did not involve the Internet, Windows, or OT networks to carry out the attacks. Consequently, these incidents were not identifiable by network cyber forensics and would not fall under the CISO’s domain. This means most of these incidents would not be addressed by existing government and industry cyber security guidance, nor make its way to the Boards as cyber events.
Read more…
Source: Control Global