Comment from Jake Brodsky
Time: April 21, 2008, 11:02 am

I agree, the cyber aspects of the Taum Sauk dam failure were incidental and nearly irrelevant.

This mistake happened because the Roadmap to Secure Control Systems in the Water Sector document referred to Taum Sauk as a cyber event. I’m pretty sure that others noticed this problem and did make comments on it. Apparently, that comment was somehow missed.

This is not a good mistake to make, it ruins not just the credibility of the report, but it reflects badly upon the whole SCADA security edifice.

Comment from amino world
Time: April 24, 2008, 5:46 pm

there are several of these events, i believe, that are considered ‘cyber’ because of the failure or error in an electronic component, especially one that might be targeted from outside the primary system. in this case, the things “causing erroneous water level readings” from the pressure transmitters contributed to the failure — and gaming process readings is certainly a viable attack vector to a SCADA/DCS system exploit. in this case, a failure in the backup shutdown system was also required to create the event, so it would have to be a mixed mode (cyber and physical) attack to be successful.

i agree that this specific event isn’t a good example of a cyber security event, but at least a portion of the contributing factors _could_be_ reproduced using cyber means. under this criteria, many physical/safety events may make folks think ‘cyber’ or remind us of similar cybersecurity exploits.