The Ukraine power grid cyberattack continued to dominate cybersecurity
news in February as various researchers reported findings from their
investigations of the incident. In other news, researchers discovered sustained
cyberattacks against Japan’s critical infrastructure, most likely perpetrated
by a nearby nation state. Amidst these reports, industrial and critical
infrastructure leaders met to discuss strategies and solutions to protect
against and respond to such attacks, and President Obama revealed his plan to
build a stronger cybersecurity defense posture for the U.S. Underlying these
events is the realization that the attacks against Ukraine and Japan are
just the beginning.
Cyber-Attack Against Ukrainian Critical Infrastructure (DHS ICS-CERT, February 16, 2016)
DHS researchers have confirmed that the attack on Ukraine’s electric grid was
carried out by remote control. Malware operated by attackers across the Internet took
control of a SCADA workstation and opened breakers in substations throughout
two power distribution systems. The attackers did this interactively, most
likely the same way a legitimate operator would, by bringing up screens for the
substations one after another and operating the breakers remotely. Firewalls
offer little protection against remote control attacks – once a connection
through a firewall is established, it always permits two-way communications. The
ICS-CERT recommends hardware-enforced unidirectional communications as one way
to eliminate the risk of this class of sophisticated attack.
Protecting U.S. Innovation From Cyberthreats (WSJ, Feb. 9, 2016)
President Obama took to the pen to announce his administration’s new Cybersecurity
National Action Plan, which emphasizes updating federal systems and appointing
a CISO to manage those changes. Additionally, the plan focuses on bi-partisan
and private sector collaboration, as well as public education to encourage safe
cyber practices. These proposed activities are all well and good, and over
time, can effect beneficial changes, but as Mr. Obama himself noted, “the
nation’s cyber adversaries [are] getting more sophisticated every day.” When it
comes to protecting critical infrastructure, time is not a luxury we have.
Industrial Control System Security Gets Focused (Automation World, Feb. 11, 2016)
The 20th annual ARC Industry Forum took place in early February, bringing together 700
participants to discuss innovation in industrial automation and manufacturing.
Not surprisingly, cybersecurity was an important topic at the event,
particularly as it relates to emerging trends, including IIoT and remote
access. Automation World’s Editor-in-Chief, David Greenfield, shines a light on
new cybersecurity developments, highlighting the shift from traditional
IT-style security to solutions designed specifically for industrial control
systems, including Waterfall’s Unidirectional Security Gateways.
Ukraine sees Russian hand in cyber attacks on power grid (Reuters, Feb. 12, 2016)
Poor relations between Kiev and Moscow are likely behind the power grid
cyberattack that hit Ukraine in December. Hackers targeted three power
distribution companies in December's attack. Security software company Trend
Micro said it found the software used to
infect the Ukrainian utilities in the networks of a large Ukrainian mining
company and a rail company. Although no one is certain Russia was behind the
Ukraine power grid attack, one thing is certain: it is possible to
take down a power grid with a cyberattack.
Japan's critical infrastructure under 'escalating' cyber attack, says report (ZDNet, Feb. 23, 2016)
According to security researchers at Cylance, Japanese critical infrastructure is under
attack by as-yet unnamed attackers. Citing the sophistication, skillset and
financial requirements of the attacks, Cylance believes the attacks are linked
to a nation state, likely China or North Korea. Too often, industrial control
system (ICS) sites dismiss these sophisticated cyber-espionage attacks,
believing there is “nothing worth stealing.” These sites need only look at the
recent remote-control attack in Ukraine to recognize the naiveté of that belief.
ICS sites urgently need to deploy strong protections against targeted attacks,
before any more damage is done.