Ukrainian power grid hack: What happened and what needs to change?

Adam Meyer, chief security strategist, SurfWatch Labs | Jan. 15, 2016
The Ukrainian power grid hack that reportedly left 700,000 homes in the dark just before Christmas highlights how the critical infrastructure sectors must step up to the plate and work harder to keep the bad guys out.

It is a safe bet that few industrial control system (ICS) critical infrastructure organizations would rate their cybersecurity as excellent. If they know this, the attackers know it too, and that makes them an easy target. In the Ukrainian instance, the payload was delivered via spear phishing and then searched the host for a particular running process common to SCADA systems. When it found that process, it killed it and overwrote it, effectively rendering the device useless.
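The behaviour just described, a SCADA-related process being killed and its executable overwritten, is something a host-level integrity check can surface. The following is an added example, not code from the article or any vendor: it compares the current state of a monitored service (is the process in the process table, does its binary still match a known-good hash) against a baseline and returns a verdict. The process name, binary path and baseline bytes are constructed placeholders; in practice the process list and file contents would be collected from the host.

```python
import hashlib
from dataclasses import dataclass
from typing import Sequence

# Constructed baseline for a hypothetical SCADA host service.  The name and
# bytes are placeholders for this example, not values from the article.
MONITORED_PROCESS = "scada_hmi_service"
BASELINE_BINARY = b"constructed stand-in for the original service executable"
BASELINE_SHA256 = hashlib.sha256(BASELINE_BINARY).hexdigest()


@dataclass(frozen=True)
class Finding:
    process_running: bool
    binary_matches_baseline: bool

    @property
    def verdict(self) -> str:
        """Map the two observations to a short, triage-friendly verdict."""
        if self.process_running and self.binary_matches_baseline:
            return "ok"
        if not self.process_running and self.binary_matches_baseline:
            # Could be a crash or an operator stop; binary is intact.
            return "process_down"
        if self.process_running and not self.binary_matches_baseline:
            # On-disk image differs from what is running: pending update or tamper.
            return "binary_modified"
        # Both signals at once is the pattern the article describes.
        return "killed_and_overwritten"


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_host(running_processes: Sequence[str], binary_on_disk: bytes) -> Finding:
    """Evaluate one host snapshot against the baseline.

    running_processes: process names from the host's process table.
    binary_on_disk:    current bytes of the monitored service's executable.
    """
    running = MONITORED_PROCESS in running_processes
    matches = sha256_of(binary_on_disk) == BASELINE_SHA256
    return Finding(process_running=running, binary_matches_baseline=matches)


if __name__ == "__main__":
    # Constructed snapshot: service gone and executable replaced.
    snapshot = check_host(["init", "sshd"], b"replaced by something else")
    print(snapshot.verdict)  # killed_and_overwritten
```

Pairing the two signals matters: a process restart alone is routine on OT hosts, but a missing process together with a changed binary is worth paging someone for.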

There was nothing uncommon about the attackers' payload delivery, so it is something that could have been prevented, or at a minimum made less likely, with additional user training. But ICS critical infrastructure does have unique challenges due to the very nature of the business:

* Siloed culture – Traditional IT groups and their Operational Technology (OT) counterparts are distinct silos. If they do not define clear roles and work together toward a common goal, the organization becomes its own worst enemy. OT teams with little IT experience face a steep learning curve, while IT groups that know the technology generally do not understand the organization's OT needs. The result is organizational friction and poor communication that malicious actors are more than happy to exploit.

* New technology, no training – As legacy SCADA systems sunset and organizations refresh their technology, many groups who grew up in the analog world find themselves in a foreign digital and interconnected world. This convergence creates an interoperability risk that opens the door to adversaries. As employees with little IT background start operating IT-based equipment, it takes time for them to understand the risk posed by devices that previously had no corporate connectivity. Even worse, some of those devices are exposed to the internet, which increases this risk further and lets attackers use traditional avenues to establish a presence in the SCADA environment. The combination of ICS technology convergence and a culture not prepared to handle it will likely be a primary factor in an ICS breach.

* Misguided vendors – Silicon Valley vendors generally do not understand the OT environment and, as a result, fall short of its needs. On the flip side, traditional ICS vendors see the technology market growing and, to grow their business, start offering IT-based solutions without fully understanding today's cyber risk landscape. The risk is OT groups who do not fully understand the cyber risk landscape entering into contractual agreements with vendors who do not fully understand it either. In the end, we are vulnerable because we deploy vulnerable systems.
