Power Plants and Disruption

From: Peter Bernard Ladkin < >
Date: Wed, 23 Mar 2016 07:55:14 +0100

There have been a couple of recent articles in the Risks Digest about the December 2015 disruption of power supply in some parts of the Ukraine. See https://catless.ncl.ac.uk/Risks/29.37.html and https://catless.ncl.ac.uk/Risks/29.38.html . A lot is being made of a couple of pieces of malware which the disruptors used. Indeed, if you read many of the reports of the incident on the WWW, this is most of what they talk about. It is clear that there was a cyberattack. But the cyberattack per se did not cause the electricity-supply outages, according to the SANS report http://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf

The outages were caused by human action using valid authentication to the control systems. Nothing new there, not even much of interest to cybersecurity people. Apparently nobody knows who they were. I noted in a note submitted to Risks that Ukraine is undergoing civil war. It could have been legitimate personnel undertaking a hostile act. Or it could have been intruders who obtained authentication credentials using any of the well-known means.

Infrastructural cybersecurity, though, is a big issue in general. Half a decade after Stuxnet, it appears that many operations personnel in civil nuclear facilities still think that systems which are "air gapped" are not vulnerable to malware, and plug their BYOD in. This from a recent report by Chatham House at
https://www.chathamhouse.org/publication/cyber-security-civil-nuclear-facilities-understanding-risks . It caused quite a stir when published in October 2015 but our community seems to have missed it. I participated last week in a consultation on it. I also have a blog post at http://www.abnormaldistribution.org/2016/03/23/power-plants-and-cyberawareness/ which contains a fair number of links.

You can see why cybersecurity is low on the list of concerns. Do a trivial, intuitive hazard analysis. People in nuclear power plants have to worry about the condition and operation of valves, pipes, turbines, pumps and pressure vessels, the maintenance of the reactor(s) in a steady state, and the condition of the local fuel and spent-fuel storage. That is all stuff which causes real, instant or semi-instant damage if it goes wrong. Compared with which, the computer systems? Well, bah humbug. They don't blow up, distribute becquerels or any other nasties. The company pays people to keep them clean and running and they come and look at them every so often.

The trouble with this trivial, intuitive hazard analysis is that it is increasingly wrong about the criticality of the computer-based systems, as the Chatham House report points out.

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Mar 23 2016 - 07:55:21 CET

This archive was generated by hypermail 2.3.0 : Fri Apr 19 2019 - 12:17:07 CEST