A case of misplaced ICS-CERT priorities - hack of building HVAC vs loss of logic of ALL DCS processors

Category:

Ics-cert Dcs Security

Submitted by jweiss on Fri, 03/09/2012 - 23:36.

The February 2012 ICS-CERT Monthly Monitor has an article on a state government building that had their HVAC hacked. According to ICS-CERT, in January, ICS-CERT identified and responded to a cyber intrusion into a building Energy Management System (EMS) used to control heating and
cooling for a state government facility. Facility personnel reported to ICS-CERT that they had discovered unauthorized adjustments to the EMS control settings that had resulted in unusually warm temperatures in the facility. Concerned about this anomalous activity, quick thinking personnel had reset the system settings to normal values and had adjusted the configuration to remove the Internet accessibility. ICS-CERT analyzed the provided telemetry data and access logs and determined that temperature set points had been changed by an unauthorized user via the Internet accessible interface. Someone had gained access to this system despite the remote logon configuration requiring a password.

Compare that to an incident that occurred in late December where a two-unit power plant lost
the logic in ALL 200+ plant distributed control system (DCS) processors with the plant at power with resultant physical damage. Isn't that more important?

Joe Weiss

Login or register to post comments
2005 reads
Permalink
1 Comment

ICS-CERT Priorities

Submitted by pjcoyle on Wed, 03/14/2012 - 19:26.

ICS-CERT is supposed to respond to requests for assistance, if not asked they cannot help. Even more of a problem is that if they are asked to help they may not be allowed to publicly disclose the problem/response. There are no legal impediments to sharing sanitized (no names/locations) reports about building HVAC systems. Power plants are a completely different story.

If there was an ICS-CERT response to the December power plant incident it would have been nice if they could have appropriately sanitized a report on what caused the problem. Could this have been one of the 86 control system 'attacks' reported to Congress by DHS?

Patrick Coyle

Chemical Facility Security News

About Unfettered

Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.

	reads
The first annual Manufacturing IT Forum brings great content, no attendance	63432
If you can't read a P&ID diagram, you need this self-study course	36431
Water System Hack - The System Is Broken	25954
Loop checking and field instrument testing procedure	25927
Directory of Lost Companies	22927
List of Companies	17122
Paulett Eberhart leaves Invensys	16106
Involving Operators in HMI Design	15528
2009 Control System Cyber Security Conference - Mark Your Calendar	14833

Search Posts

more tags