It’s no surprise the cyberattack on Ukraine’s power grid dominated
industrial control system (ICS) cybersecurity news in January. Following the
news of the power outages and subsequent discovery of malware and other signs
of a purposeful network intrusion, cybersecurity experts, DHS and others have
revealed alarming instances of cyberattacks, increasing vulnerabilities and
lack of adequate cyberdefenses at industrial and nuclear sites, dams and other
critical infrastructure. Perhaps the Ukraine attack is the wake-up call the
industry needs to escalate its investment in cybersecurity protections, such as
Unidirectional Security Gateways. In the meantime, learn more in our roundup of
these stories below.
Confirmation of a Coordinated Attack on the Ukrainian Power Grid (SANS, Jan. 9, 2016)
With all security eyes on Ukraine’s Prykarpattyaoblenergo
utility, SANS ICS concluded hackers likely caused the outage by remotely
switching breakers, after installing malware that prevented technicians from
detecting the intrusion. The key takeaway is that malware may have enabled the
attack, but it was hackers’ remote access to critical operational networks that
resulted in the outage.
U.S. official sees more cyber attacks on industrial control systems (Reuters, Jan. 13, 2016)
While presenting at the S4x16 conference
in Miami, Marty Edwards, head of the DHS ICS-CERT, cited increased Internet
connectivity and associated vulnerabilities as the main reason behind the rise
in cyberattacks on ICS networks. Others aren’t convinced, believing the recent
Ukraine power grid attack has prompted authorities to look for signs of
intrusion that may not necessarily be intentionally harmful events. From our
perspective, any external intrusion – or even attempted intrusion – of ICSs is
potentially harmful and should be taken seriously. Further, there is no doubt
whatsoever that connecting critical infrastructure directly to the Internet or
indirectly to Internet-accessible networks creates significant vulnerabilities.
Nuclear Facilities in 20 Countries May Be Easy Targets for Cyberattacks (New York Times, Jan. 14, 2016)
According to a distressing report by
the Nuclear Threat Initiative, 20 nations have no apparent government
regulations requiring minimal protection of nuclear power plants or atomic
stockpiles against cyberattacks. The U.S. and many other countries have adopted
strong security postures including physical security measures, removable device
controls, and Unidirectional Security Gateways. This is standard practice in
many jurisdictions and is something that should become standard worldwide for
nuclear facilities.
Cybersecurity: IT vs. OT, and the Pursuit of Best Practices (Electricity Policy, January 2016)
In this article, industry experts Paul
Feldman, director of Midcontinent ISO, and Dan Hill, board member for the New
York ISO, explore the new threats to our power systems. They point out that
cybercriminal sophistication has outpaced the resulting regulations and urge
the Federal Energy Regulatory Commission (FERC) and the North American Electric
Reliability Corporation (NERC) to establish industry regulations that reflect
the current threat landscape. Hill and Feldman point out that adequate,
modern ICS security is very different from doing the minimum to be in
compliance and recommend the use of unidirectional security gateways to eliminate
the threat of remote-control and other network attacks from business networks
and from the Internet.
NSA Hacking Chief: Internet of Things Security Keeps Me Up at Night (MIT Technology Review, Jan. 28, 2016)
Rob Joyce, chief of the NSA’s Tailored
Access Operations unit, shook up the SCADA security community when he stated, “SCADA
security is something that keeps me up at night.” Referring to the thousands of
ICSs, such as power plants and other critical infrastructure, that are
connected to the Internet without proper protections in place, Joyce singled
out heating and cooling systems as examples that nation-state hackers can use
to infiltrate control systems. He knows this to be true since these same
systems are used as points of ingress by his own team. As alarming as this
seems, it’s the reality we face as more and more industrial control systems are
connected to the Internet.
To learn more about
the risks facing industrial control security networks, visit our resources page.