The Ukraine power grid cyberattack continued to dominate cybersecurity news in February as various researchers reported findings from their investigations of the incident. In other news, researchers discovered sustained cyberattacks against Japan’s critical infrastructure, most likely perpetrated by a nearby nation state. Amidst these reports, industrial and critical infrastructure leaders met to discuss strategies and solutions to protect against and respond to such attacks, and President Obama revealed his plan to build a stronger cybersecurity defense posture for the U.S. Underlying these events is the realization that the attacks against the Ukraine and Japan are just the beginning.
Cyber-Attack Against Ukrainian Critical Infrastructure (DHS ICS-CERT, February 16, 2016)
DHS researchers have confirmed that the attack on Ukraine’s electric grid was carried out by remote control. Malware operated by attackers across the Internet took control of a SCADA workstation and opened breakers in substations throughout two power distribution systems. The attackers did this interactively, most likely the same way a legitimate operator would, by bringing up screens for the substations one after another and operating the breakers remotely. Firewalls offer little protection against remote control attacks – once a connection through a firewall is established, it always permits two-way communications. The ICS-CERT recommends hardware-enforced unidirectional communications as one way to eliminate the risk of this class of sophisticated attack.
Protecting U.S. Innovation From Cyberthreats (WSJ, Feb. 9, 2016)
President Obama took to the pen to announce his administration’s new Cybersecurity National Action Plan, which emphasizes updating federal systems and appointing a CISO to manage those changes. Additionally, the plan focuses on bi-partisan and private sector collaboration, as well as public education to encourage safe cyber practices. These proposed activities are all well and good, and over time, can effect beneficial changes, but as Mr. Obama himself noted, “the nation’s cyber adversaries [are] getting more sophisticated every day.” When it comes to protecting critical infrastructure, time is not a luxury we have.
Industrial Control System Security Gets Focused (Automation World, Feb. 11, 2016)
The 20th annual ARC Industry Forum took place in early February, bringing together 700 participants to discuss innovation in industrial automation and manufacturing. Not surprisingly, cybersecurity was an important topic at the event, particularly as it relates to emerging trends, including IIoT and remote access. Automation World’s Editor-in-Chief, David Greenfield, shines a light on new cybersecurity developments, highlighting the shift from traditional IT-style security to solutions designed specifically for industrial control systems, including Waterfall’s Unidirectional Security Gateways.
Ukraine sees Russian hand in cyber attacks on power grid (Reuters, Feb. 12, 2016)
Poor relations between Kiev and Moscow are likely behind the power grid cyberattack that hit Ukraine in December. Hackers targeted three power distribution companies in December's attack. Security software company Trend Micro said it found the software used to infect the Ukrainian utilities in the networks of a large Ukrainian mining company and a rail company. Although no one is certain Russia was behind the Ukraine power grid attack, one thing is certain: it is possible to take down a power grid with a cyberattack.
Japan's critical infrastructure under 'escalating' cyber attack, says report (ZDNet, Feb. 23, 2016)
According to security researchers at Cylance, Japanese critical infrastructure is under attack by as-yet unnamed attackers. Citing the sophistication, skillset and financial requirements of the attacks, Cylance believes the attacks are linked to a nation state, likely China or North Korea. Too often, industrial control system (ICS) sites dismiss these sophisticated cyber-espionage attacks, believing there is “nothing worth stealing.” These sites need only look at the recent remote control attack in Ukraine to recognize the naiveté of that belief. ICS sites urgently need to deploy strong protections against targeted attacks, before any more damage is done.