Industrial Control Systems security


This post was written by Michael J. Assante, SANS ICS Director:

After analyzing the information that has been made available by affected power companies, researchers, and the media, it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence, based on company statements, media reports, and first-hand analysis, that the incident was due to a coordinated, intentional attack.

The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the electricity distribution infrastructure, and attempt to delay restoration by wiping SCADA servers after they had caused the outage. This attack consisted of at least three components: the malware, a denial of service against the phone systems, and the still-missing piece of evidence for the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction by the adversary and not the work of malware. In other words, the attack was enabled by malware but consisted of at least three distinct efforts.

The Multiple Elements

The cyber attack comprised multiple elements, including denial of view to system dispatchers and attempts to deny customer calls that would have reported the power outage. We assess with high confidence that there were coordinated attacks against multiple regional distribution power companies. Some of these companies have been reported by the media to include specifically named utilities such as Prykarpattyaoblenergo and Kyivoblenergo. The exact timeline of which utilities were affected, and in what order, is still unclear and is currently being analyzed. What we do know is that Kyivoblenergo provided public updates to customers, shown below, indicating there was an unauthorized intrusion (from 15:30 to 16:30L) that disconnected 7 substations (110 kV) and 23 substations (35 kV), leading to an outage for 80,000 customers.

The key significance here is that 80,000 customers comprise a significant portion of their residential load. Power was restored to all customers by 18:56L. They also reported technical failures with their call line interfering with receiving customers' calls, as shown below.