Not all control system cyber incidents are malicious cyberattacks. They can be accidents or errors, too. In their haste to find OT cyberattacks, the OT cybersecurity community, including regulators, continue to jump to conclusions about what are OT cyberattacks while at the same time ignoring incidents that don’t look like cyber incidents they are used to seeing. The OT cybersecurity community reacted similarly to both the April 2025 Norwegian Dam and the February 2021 Oldsmar, Florida “cyber” incidents calling them cyberattacks. The misguided identification of OT glitches as cyberattacks while at the same time the inability to identify control system incidents as being cyber-related is becoming more dangerous. There is a need for training in how to identify a control system cyber incident as being cyber-related as millions have already occurred. Some discernment—and the forensics to support that discernment—is clearly in order.
Wed, Jul 9
Misguided response to the Norwegian Dam and Oldsmar “cyberattacks”
3