The Claroty Blog

OT/ICS News Roundup: Week Ending 7.20.18

| Patrick McBride, Dave Weinstein

Here are a few stories that turned our heads in Operational Technology (OT)/ Industrial Control Systems (ICS) security over the past week:

 

Dark Reading: SCADA/ICS Dangers & Cybersecurity Strategies

A large number of government agencies and private organizations have SCADA (supervisory control and data acquisition) or industrial control systems (ICS). The benefits of these technologies come with significant security challenges. In a recent survey by Forrester commissioned by Fortinet, nearly six in 10 surveyed organizations using SCADA or ICS indicate that they experienced a breach in those systems in the past year.

Part of the challenge is that these systems are being used to manage not only their traditional OT (operational technology) infrastructures but also a host of new Industrial Internet of Things (IIoT) devices. What's more, many of those organizations are adding to their risk by providing new technologies and partners with a high level of access into their systems. In addition, most organizations now report developing connections between their traditional IT systems and their SCADA/ICS, introducing the potential for outside hackers to penetrate into these control systems.

Our Take: While not new news, the survey results do help illustrate a key portion of the ‘perfect storm’ we have discussed in the past - additional devices and interconnections between SCADA and ICS systems puts these critical systems at risk. We suspect that many of the  “breaches” companies faced in SCADA/ICS were the result of “collateral damage” in attacks that were not specifically targeting these networks.

 

The New York Times: ‘Warning Lights Are Blinking Red,’ Top Intelligence Officer Says of Russian Attacks

The nation’s top intelligence officer said on Friday that the persistent danger of Russian cyberattacks today was akin to the warnings the United States had of stepped-up terror threats ahead of the Sept. 11, 2001, attacks.

That note of alarm sounded by Dan Coats, the director of national intelligence, came on the same day that 12 Russian agents were indicted on charges of hacking the Democratic National Committee and Hillary Clinton’s presidential campaign. Mr. Coats said those indictments illustrated Moscow’s continuing strategy to undermine the United States’ democracy and erode its institutions.

“The warning lights are blinking red again,” Mr. Coats said as he cautioned of cyberthreats. “Today, the digital infrastructure that serves this country is literally under attack.”

Our Take: Without doubt, DNI Coats’ language is striking and any channeling of then-Director of Central Intelligence George Tenet’s pre-9/11 warning is likely to turn some heads on Capitol Hill.  Short of raising general awareness, though, comparing the Russian cyber threat to critical infrastructure today to the threat posed by jihadist terrorism threat at the turn of the century is not particularly helpful and in some cases, it’s outright alarmist.

 

Bloomberg: Duke Energy Hit by 650M Cyber Attempts to Breach Systems in 2017

Duke Energy Corp. was hit by more than 650 million cyber attempts to breach the utility’s systems in 2017, the company’s executive in charge of cybersecurity said July 13.

“We fully recognize we are a high-value target for anyone who wants to do anything nefarious to critical infrastructure,” Brian Harrell, Duke’s managing director of Enterprise Protective Services, said at an event at George Washington University’s Center for Cyber and Homeland Security

“The fact that we have this statistic means that we are focused on it, we are looking at it, we are monitoring it, we’re penetrating our own system to ensure that we are moving the envelope,” said Harrell, who is also a senior fellow at the George Washington center.

Our Take: It’s clear that Duke and other owners and operators of critical infrastructure, especially in the public utility sector, are not standing by idly as a range of actors probe their networks for vulnerabilities and attempt to gain a persistent foothold in industrial control systems.  Indeed Duke is not alone when it comes to public utilities facing a barrage of malicious cyber activity.

 

FCW: Dam cyber: Interior IG closes out audit of hydroelectric control systems

The inspector general for the Department of the Interior has closed out an investigation into cybersecurity concerns surrounding hydroelectric dams.

In a partially redacted memo dated July 12, Jefferson Gilkeson, director of information technology audits for Interior OIG, informed the commissioner of the U.S. Bureau of Reclamation (USBR) that auditors have completed the second and final part of their report evaluating potential cybersecurity weaknesses associated with five hydroelectric dams managed and operated by the bureau.

Our Take: America’s Nation’s dams are among the more vulnerable and targeted critical infrastructure assets in the country.  And in terms of criticality, they are right up there with the electric grid, nuclear power plants, and water treatment facilities.  As the IG’s report confirms, basic cyber hygiene is a great way to reduce these vulnerabilities and make it harder and more costly for hackers to access hydroelectric control systems.  

Subscribe to the Blog