The Claroty Blog

Claroty in the News & OT/ICS News Roundup: Week Ending 8.17.18

Patrick McBride, Dave Weinstein

Starting this week, we're adding a summary of recent news coverage featuring Claroty. As always, we've also included our take on OT/ICS stories that turned our heads:

In Case You Missed It: Claroty in the News

Fox News: Claroty's VP of Threat Research, Dave Weinstein, joined Mike Emanuel on Fox News to discuss Russia's ongoing attempts to disrupt U.S. elections and critical infrastructure.

Automation World: More commentary from Claroty VP of Threat Research, Dave Weinstein, and Automation World on the U.S. Department of Homeland Security reports of Russian infiltration of U.S. power generation utilities.

Security Week: Network segmentation can be one of the most impactful actions industrial asset owners can take to reduce the risk of a major security incident, but it's not easy. Claroty co-founder Galina Antova provides guidance on reducing the pain of segmentation.

Dark Reading: Claroty's Threat Research VP, Dave Weinstein, discusses the security risks and business rewards of the interconnected industrial world. Some argue for technological isolationism; we disagree.

Our Take on ICS/OT News From the Week

The Wall Street Journal: Trump, Seeking to Relax Rules on U.S. Cyberattacks, Reverses Obama Directive

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations, according to people familiar with the action.

Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.

Our Take: The details will be key here, but this is surely a welcome development for the US military, which has long called for more flexibility in cyberspace. It’s noteworthy, however, that this news comes at a time when the Defense Secretary is considering splitting the “dual-hat” arrangement at Fort Meade and, of course, the US has taken a hard line on recent aggression in cyberspace by Russia and others.

eWEEK: Cyber-Security Failure Brings Societal Risks: Black Hat Researchers

The message was clear at this year's Black Hat conference: The "culture," for lack of a better term, of security must change, or society faces living in a world of perpetual cyber-risk.

"We need to be more ambitious, strategic and collaborative in our approach to defense," said keynote speaker Parisa Tabriz, director of engineering at Google. "We have to stop playing whack-a-mole."

Researchers demonstrated the ability to hack into a number of devices, which is nothing new, but these days more critical systems are being hacked, including commodity hardware controllers for SCADA (Supervisory Control and Data Acquisition) systems and Industrial Control Systems (ICS), as well as medical devices such as insulin pumps and pacemaker controllers.

Our Take: Parisa couldn’t have said it better. We must shift our cybersecurity mindset from one that is highly tactical to one that is strategic. Indeed, “SCADA” was a common buzzword at Black Hat and Defcon this year. We applaud all of the researchers’ contributions, but particularly those who participated in the ICS Village.

WIRED: How Hacked Water Heaters Could Trigger Mass Blackouts

When the cybersecurity industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them.

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.

Our Take: This research out of Princeton University is something we’re watching very closely. As usual, the consequences tend to be exaggerated a bit, but one thing is for certain: grid security is not just a supply-side problem. This is just one more example of how the Internet of Things is paradigm-shifting when it comes to how we think about industrial cybersecurity.
