Intrusion Detection Systems

Industrial Control Systems security

This post was written by Michael J. Assante, SANS ICS Director:

After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence based on company statements, media reports, and first-hand analysis that the incident was due to a coordinated intentional attack.

The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage. This attack consisted of at least three components: the malware, a denial of service to the phone systems, and the missing piece of evidence of the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction from the adversary and not the work of malware. In other words, the attack was enabled via malware but consisted of at least three distinct efforts.

The Multiple Elements
The cyber attack was comprised of multiple elements which included denial of view to system dispatchers and attempts to deny customer calls that would have reported the power out. We assess with high confidence that there were coordinated attacks against multiple regional distribution power companies. Some of these companies have been reported by media to include specifically named utilities such as Prykarpattyaoblenergo and Kyivoblenergo. The exact timeline for which utilities were affected and their ordering is still unclear and is currently being analyzed. What we do know is that Kyivoblenergo provided public updates to customers, shown below, indicating there was an unauthorized intrusion (from 15:30-16:30L) that disconnected 7 substations (110 kV) and 23 (35 kV) substations leading to an outage for 80,000 customers.

The key significance here is that 80,000 customers comprise a significant portion of their residential load. Power was restored to all customers by (18:56L). They also reported technical failures with their call line interfering with receiving customers' calls as shown below.
