OT/ICS Security – Understanding, Differentiating, and Reporting OT Infrastructure Compromises

In the interest of incident reporting it is important to be able to identify and differentiate types of incidents being reported. It is also important to be able to understand the difference between an actual attack and an unintentional incident that may have attack-like consequences. Given cross-sector dependencies, some water and wastewater utilities closely track and apply NERC CIP regulations even though they aren’t required. NERC CIP 008-6 became mandatory on January 1, 2021 and requires bulk power system utilities to report attempts to compromise their infrastructure and operations. Tenable discusses some of the challenges of reporting, notably how to correctly differentiate attempts to compromise the environment from human errors and routine events. Read more at Tenable.

In a somewhat related post by industry veteran Joe Weiss, he reminds us of how OT/ICS related incidents often go unreported due to a lack of understanding of incidents occurring at analog or serial levels being generally not identified as cyber-related. Joe does make some perceived brash comments in this post, but backs up his perspective with a recent example on the types of incidents that are not understood as being cyber-related and are often not shared within their own organization or the rest of industry. Read more on the Unfettered Blog at Control Global.