The article argues that control system cyber incidents are not the same as ordinary network breaches, even though they are often grouped together under the same “cyber” label. It explains that traditional IT and network security usually focuses on malicious events like ransomware and data theft, while control system security is about whether a cyber-related issue affects a real physical process—such as sensor signals, control logic, visibility, or the ability to operate equipment safely. Because of that, many serious industrial incidents may be missed or underestimated if people only look for classic network intrusions.

It also says this difference makes many common cyber reports misleading for industrial environments. The author compares Verizon-style incident statistics, which are centered on breaches and data loss, with his own control-system incident database, which tracks operational impacts like loss of control, loss of view, equipment damage, and even environmental or safety consequences. His main message is that IT security teams and engineering teams need a shared definition of cyber incidents—and better control-system-specific training—otherwise they will keep measuring two very different things as if they were the same.

‍

Source: https://www.controlglobal.com/blogs/unfettered/blog/55360358/control-system-cyber-incidents-are-not-the-same-as-network-breaches