If you don’t have the time to read a 120-page report, take a quick look at the 19 report overview slides. A true, directed cyber or blended attack is what makes risk management for control system cyber security so difficult. Talk to a moderately skilled hacker with control system knowledge and they will tell you that it is very possible, but it has not been publicly acknowledged to have happened yet – zero is the ultimate low frequency.

Coordinated Cyber, Physical and Blended Attacks is one of the three identified Principal HILF Risks in the report. The summary lists information sharing, better forensics, and including HILF in system planning and design. There are nine recommendations in the report.

I was well along the path of dismissing the report as just another exercise of 100-plus people putting together a report to be filed away – an admitted knee-jerk reaction to the words information sharing. Then I saw this short passage on page 10:

network architectures to support graceful system degradation that would allow operators to “fly with fewer controls.” Component and system design criteria should also be reevaluated with respect to these threats and an eye toward designing for survivability.

This is an important concept that doesn’t get enough attention and requires a mind shift, especially with cyber attacks. For decades the community has built systems with redundancies to deal with failures, but a cyber attack will just as easily take out the identical redundant system. Recovery from and resiliency to a cyber attack that is taking out all key devices or a certain type of device in the control system deserves more attention from vendors and owner/operators.

One last thought on the HILF. The other two areas are Pandemics and EMI/EMP. Of the three areas and other possible HILFs, the cyber attack is the area where the most people and organizations are developing the capability to achieve this. It has a low price barrier to entry, has a large and growing number of people with the skills to do this, and can be done remotely. The “Low Frequency” will increasingly be due to the lack of desire or will to achieve this rather than the lack of capability to do this.