"Cyber security often focuses on the vulnerabilities of commercial off-the-shelf software and Internet access, with the primary concern being malicious activity. There have been fewer discussions about control system cyber security and how control system cyber security policies and countermeasures can potentially preclude, or minimize, the impacts of a control system cyber security event. This paper examines an actual control system cyber security event that resulted in significant environmental and economic damage as well as deaths. In this case, operating policies and procedures had readily identifiable cyber security vulnerabilities. The paper examines the timelines, control system response, and control system policies that were in effect at the time of the event. The paper then identifies the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, 'Recommended Security Controls for Federal Information Systems', management, operational, and technical safeguards or countermeasures that, if implemented, could have prevented the event."
National Institute of Standards and Technology: http://www.nist.gov/