History of Industrial Control System Cyber Incidents

Hemsley, Kevin E.; E. Fisher, Dr. Ronald

doi:10.2172/1505628

Title: History of Industrial Control System Cyber Incidents

Full Record
Other Related Research

Abstract

For many years malicious cyber actors have been targeting the industrial control systems (ICS) that manage our critical infrastructures. Most of these events are not reported to the public, and the threats and incidents to ICS are not as well-known as enterprise cyber threats and incidents. This paper is a brief study of publically reported cyber threats to critical infrastructure that sheds light on the growing cyber threats to ICS devices. It is important to note that this list is not all inclusive. The events selected in this study highlight the significant threats and incidents to industrial control systems and demonstrate that significant cyber incidents to ICS devices are growing and becoming more complex.

Authors:

Hemsley, Kevin E. ^[1];

^[2]

Idaho National Lab. (INL), Idaho Falls, ID (United States)
Idaho National Lab. (INL), Idaho Falls, ID (United States

Publication Date:: 2018-12-31

Research Org.:: Idaho National Lab. (INL), Idaho Falls, ID (United States)

Sponsoring Org.:: USDOE Office of Nuclear Energy (NE)

OSTI Identifier:: 1505628

Report Number(s):: INL/CON-18-44411-Rev002

DOE Contract Number:: AC07-05ID14517

Resource Type:: Technical Report

Country of Publication:: United States

Language:: English

Subject:: 99 GENERAL AND MISCELLANEOUS; Industrial Control Systems; Cybersecurity; Threats

Citation Formats


                    Hemsley, Kevin E., and E. Fisher, Dr. Ronald. History of Industrial Control System Cyber Incidents.  United States: N. p., 2018. 
        Web.  doi:10.2172/1505628.

Copy to clipboard


                    Hemsley, Kevin E., & E. Fisher, Dr. Ronald. History of Industrial Control System Cyber Incidents.  United States.  https://doi.org/10.2172/1505628

Copy to clipboard


                    Hemsley, Kevin E., and E. Fisher, Dr. Ronald. 2018.  
        "History of Industrial Control System Cyber Incidents".  United States.  https://doi.org/10.2172/1505628.  https://www.osti.gov/servlets/purl/1505628.

Copy to clipboard


                    
@article{osti_1505628,

  title        = {History of Industrial Control System Cyber Incidents},

  author       = {Hemsley, Kevin E. and E. Fisher, Dr. Ronald},

  abstractNote = {For many years malicious cyber actors have been targeting the industrial control systems (ICS) that manage our critical infrastructures. Most of these events are not reported to the public, and the threats and incidents to ICS are not as well-known as enterprise cyber threats and incidents. This paper is a brief study of publically reported cyber threats to critical infrastructure that sheds light on the growing cyber threats to ICS devices. It is important to note that this list is not all inclusive. The events selected in this study highlight the significant threats and incidents to industrial control systems and demonstrate that significant cyber incidents to ICS devices are growing and becoming more complex.},

  doi          = {10.2172/1505628},

  url          = {https://www.osti.gov/biblio/1505628},
  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {12}

}

Copy to clipboard

Technical Report:

View Technical Report (0.60 MB)

https://doi.org/10.2172/1505628

Save / Share:

Export Metadata

Save to My Library

Similar records in OSTI.GOV collections:

Evolution and Trends of Industrial Control System Cyber Incidents since 2017

Journal Article Grubbs, Robert; Stoddard, Jeremiah; Freeman, Sarah; ... - Journal of Critical Infrastructure Policy

The industrial control systems (ICSs) that manage our critical infrastructure are increasingly converging with corporate networks and the Internet as technology and businesses prioritize digital connectivity. These connections make them more vulnerable and available to malicious cyber actors who traditionally targeted the companies’ more public-facing information technology (IT) networks. This paper will review select publicly reported cyber incidents to highlight the continued and growing threat to ICS devices and operational technology (OT) environments. It will summarize the incident and when available, will provide information on the cyber actors, the vulnerabilities they exploited, and any publications the U.S. Government (USG) providedmore »« less
https://doi.org/10.18278/jcip.2.2.4

Full Text Available
Guide for Cyber Assessment of Industrial Control Systems Field Devices.

Technical Report Stamp, Jason; Stinebaugh, Jennifer; Fay, Daniel

Programmable logic controllers (PLCs) and other field devices are important components of many weapons platforms, including vehicles, ships, radar systems, etc. Many have significant cyber vulnerabilities that lead to unacceptable risk. Furthermore, common procedures used during Oper- ational Test and Evaluation (OT&E) may unexpectedly lead to unsafe or severe impacts for the field devices or the underlying physical process. This document describes an assessment methodology that addresses vulnerabilities, mitigations, and safe OT&E. Acknowledgements The authors would like to acknowledge the funding and technical support from the Office of the Director, Operational Test and Evaluation (DOT&E) for the development of thismore »« less
https://doi.org/10.2172/1494181

Full Text Available
Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

Technical Report Glenn, Colleen; Sterbentz, Dane; Wright, Aaron

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks,more »« less
https://doi.org/10.2172/1337873

Full Text Available
Concept for Cyber-Physical Consequence Process

Technical Report Rieger, Craig; O'Brien, Barry; Barnes, Kevin; ...

The Department of Homeland Security’s Office of Cyber and Infrastructure Analysis (DHS/OCIA) has a mission and vision that promotes innovation as central to expanding the organization’s capability to conduct consequence analysis. To pursue such innovation, OCIA is sponsoring a seedling effort with Idaho National Laboratory (INL) to leverage data from the proposed Automated Vulnerability Assessment (AVA) capability, which the DHS Science and Technology (S&T) Directorate is developing through a separate INL effort. The first phase of this effort is to develop a process by which recognized vulnerabilities can be scored relative to importance, reflected primarily in the ability to initiatemore »« less
https://doi.org/10.2172/1482997

Full Text Available
DOE/DHS Industrial Control System Cyber Security Programs: A Model for Use in Nuclear Facility Safeguards and Security

Conference Anderson, Robert; Bjornard, Trond; Schanfein, Mark; ...

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore »« less
Full Text Available

Similar Records