Intrusion Detection Systems

Industrial Control Systems security


This post was written by Michael J. Assante, SANS ICS Director:

After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence based on company statements, media reports, and first-hand analysis that the incident was due to a coordinated intentional attack.

The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage. This attack consisted of at least three components: the malware, a denial of service to the phone systems, and the missing piece of evidence of the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction from the adversary and not the work of malware. Or in other words, the attack was enabled via malware but consisted of at least three distinct efforts.

The Multiple Elements

The cyber attack was comprised of multiple elements which included denial of view to system dispatchers and attempts to deny customer calls that would have reported the power out. We assess with high confidence that there were coordinated attacks against multiple regional distribution power companies. Some of these companies have been reported by media to include specifically named utilities such as Prykarpattyaoblenergo and Kyivoblenergo. The exact timeline for which utilities were affected and their ordering is still unclear and is currently being analyzed. What we do know is that Kyivoblenergo provided public updates to customers, shown below, indicating there was an unauthorized intrusion (from 15:30-16:30L) that disconnected 7 substations (110 kV) and 23 (35 kV) substations leading to an outage for 80,000 customers.

The key significance here is that 80,000 customers comprise a significant portion of their residential load. Power was restored to all customers by (18:56L). They also reported technical failures with their call line interfering with receiving customers' calls as shown below.


