Industrial Control Systems security

This post was written by Michael J. Assante, SANS ICS Director:

After analyzing the information that has been made available by affected power companies, researchers, and the media, it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence, based on company statements, media reports, and first-hand analysis, that the incident was due to a coordinated, intentional attack.

The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage. This attack consisted of at least three components: the malware, a denial of service against the phone systems, and the missing piece of evidence of the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction from the adversary and not the work of malware. In other words, the attack was enabled via malware but consisted of at least three distinct efforts.

The Multiple Elements
The cyber attack was comprised of multiple elements, which included denial of view to system dispatchers and attempts to deny customer calls that would have reported the power out. We assess with high confidence that there were coordinated attacks against multiple regional distribution power companies. Some of these companies have been reported by media to include specifically named utilities such as Prykarpattyaoblenergo and Kyivoblenergo. The exact timeline for which utilities were affected and their ordering is still unclear and is currently being analyzed. What we do know is that Kyivoblenergo provided public updates to customers, shown below, indicating there was an unauthorized intrusion (from 15:30 to 16:30L) that disconnected 7 substations (110 kV) and 23 substations (35 kV), leading to an outage for 80,000 customers.

The key significance here is that 80,000 customers comprise a significant portion of their residential load. Power was restored to all customers by 18:56L. They also reported technical failures with their call line interfering with receiving customers' calls, as shown below.
