All Things SCADA



Viewing 8 reply threads
    • #96532
      Spoon
      Participant

        I felt like I was hijacking the Merchant Marine thread but I think this subject is worthy of discussion because it sounds like a significant national security threat but I don’t know a whole lot about it as I suspect others do not as well. I will start off with that my understanding is that SCADA networks are isolated from the internet. Anybody with knowledge feel free to drop on us ignorant people.

      • #96533
        Max
        Keymaster
        • #96534
          SeanT
          Keymaster

            whooboy
            SCADA is a topic a mile deep. Think about all of the industry that uses machines; those machines are controlled *somehow*. That somehow is SCADA systems. Generally they are isolated ‘networks’ that provide control and supervision of the operations of the widget. In a lot of cases, there is a bridge between the IT network and the ICS network and this is a two-way street for the bad guys. They can compromise the ICS network, then move laterally into the IT network or the reverse… Phish a user on the IT network, then find the bridge to the ICS network.

            reference this analysis:
            TRISIS

            This is the first known malware that targets SAFETY systems. Compromises here can cost lives. This could be a big deal.

            SCADA systems do fall within the National Critical Infrastructure realm and to those whose job it is to defend this stuff, we have our work cut out for us for sure.
            US-CERT

            Take a look at one analysis done by US-CERT and you can get the idea how this can work.

            Here is how it went down already in the real world:

            Crash-Override

            ISAC

            Welcome to my world.
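            The IT/ICS bridge described above is something a defender can look for in firewall or flow logs. The Python script below is an added example, not code from this thread or any of the linked reports: it assigns addresses to assumed IT, DMZ and ICS zones, treats only DMZ<->ICS traffic as an expected conduit, and reports every other flow that touches the ICS zone, in either direction. The zone ranges, the port-to-protocol table (Modbus/TCP 502, DNP3 20000, EtherNet/IP 44818, S7comm 102) and the sample log lines are all constructed for illustration.

```python
"""Audit firewall/flow logs for traffic crossing the IT/ICS boundary.

Added example: zones, conduits and log lines are constructed for
illustration and do not describe any real network.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed zone layout: IT user network, an OT DMZ (historian / jump hosts)
# and the ICS control network. Anything not listed is treated as external.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.50.0.0/24"),
    "ICS": ipaddress.ip_network("10.200.0.0/16"),
}

# Well-known TCP ports of common ICS protocols, used only to rate severity.
ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP", 102: "S7comm"}

# The only zone crossings a segmented design expects to see involving ICS.
ALLOWED_CONDUITS = {("DMZ", "ICS"), ("ICS", "DMZ")}

# Log format assumed for this example (key=value fields, one flow per line).
FLOW_RE = re.compile(r"src=(?P<src>\S+) spt=(?P<spt>\d+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)")


@dataclass
class Finding:
    severity: str
    src: str
    dst: str
    dport: int
    reason: str


def zone_of(ip: str) -> str:
    """Return the zone name an address belongs to, or EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the flow crosses into or out of the ICS zone unexpectedly."""
    m = FLOW_RE.search(line)
    if not m:
        return None  # unparseable line; a real tool would count these
    src, dst, dport = m["src"], m["dst"], int(m["dpt"])
    sz, dz = zone_of(src), zone_of(dst)
    if "ICS" not in (sz, dz) or sz == dz or (sz, dz) in ALLOWED_CONDUITS:
        return None  # does not touch ICS, stays inside a zone, or uses the DMZ conduit
    service = ICS_PORTS.get(dport, f"port {dport}")
    if dz == "ICS":
        if sz == "EXTERNAL":
            return Finding("critical", src, dst, dport, f"external host reached ICS ({service})")
        # An IT host talking straight to ICS is the bridge; ICS protocols rate higher.
        sev = "high" if dport in ICS_PORTS else "medium"
        return Finding(sev, src, dst, dport, f"IT host connected directly to ICS ({service})")
    # sz == "ICS": the reverse direction, ICS initiating toward IT or the internet.
    sev = "high" if dz == "EXTERNAL" else "medium"
    return Finding(sev, src, dst, dport, f"ICS host initiated connection into {dz} ({service})")


def audit(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over every log line and keep the findings, in log order."""
    return [f for f in map(classify, lines) if f is not None]


# Constructed sample log: two benign lines, four that should be reported, one benign.
SAMPLE_LOG = [
    "2024-03-01T08:00:01Z action=allow src=10.10.3.7 spt=51234 dst=10.50.0.10 dpt=443",
    "2024-03-01T08:00:02Z action=allow src=10.50.0.10 spt=40001 dst=10.200.1.5 dpt=502",
    "2024-03-01T08:00:03Z action=allow src=10.10.3.7 spt=51240 dst=10.200.1.5 dpt=502",
    "2024-03-01T08:00:04Z action=allow src=10.10.3.8 spt=51241 dst=10.200.2.20 dpt=3389",
    "2024-03-01T08:00:05Z action=allow src=10.200.1.9 spt=49152 dst=10.10.8.2 dpt=445",
    "2024-03-01T08:00:06Z action=allow src=198.51.100.23 spt=33000 dst=10.200.1.5 dpt=20000",
    "2024-03-01T08:00:07Z action=allow src=10.10.3.8 spt=51242 dst=10.10.9.1 dpt=80",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.src} -> {f.dst}:{f.dport}  {f.reason}")
```

            Run against the constructed log it reports four flows: the IT workstation reaching Modbus on a controller (high), the IT workstation reaching RDP on an ICS host (medium), an ICS host opening SMB toward IT (medium, the reverse direction described above), and an external address reaching DNP3 (critical). The DMZ-to-controller flow is silent because that is the path a segmented design intends; the value of the check is that the ALLOWED_CONDUITS set has to be written down, which forces the question of whether any other bridge should exist at all.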

          • #96535
            Spoon
            Participant

              @seant… Thank you… Great information. Yeah I definitely underestimated that threat. The biggest question that comes to mind is how much attention does the federal government pay to this threat. Seems to me that there should be regulation against bridging IT and ICS networks. But that doesn’t seem to be the case. Makes me think that not a lot of attention is being paid to the threat. Albeit that would defend against a fifth column threat mentioned by Joe.

            • #96536
              JohnnyMac
              Participant

                Generally they are isolated ‘networks’ that provide control and supervision of the operations of the widget

                In my experience, it’s a super complicated cornucopia of software/applications within medium/large companies, some “connecting” to each other, or relying on an internet connection, sometimes not.

                I’ve experienced a business-wide, crippling cyber attack. It was rough. It made some things difficult (very few things impossible), nothing unsafe.

                In a separate organization, if there were a catastrophic failure, the potential public fatality numbers were estimated at 10,000 people from a risk assessment, if I remember correctly. There were obviously significant redundancies built into the systems, primarily electro-mechanical. A cyber attack would not have affected any of the casualty producing processes (short of maybe a few employees). The systems were “fail safe”, should water/electric/steam/etc be cut off. Physical threats/terrorism were a bigger threat, at least in my opinion.

                Are there potentially gaping holes in some random company out there that could cause widespread catastrophe? Probably, but my point is that it’s not widespread. I would classify the risk as “a serious nuisance”, like a major hurricane or similar, not “republic ending”.

              • #96537
                Joe (G.W.N.S.)
                Moderator

                  Not all cyber attacks are created equal, a wide variety of capabilities are out there.

                  I’ll throw another little tidbit out there regarding SCADA…
                  B-)
                  …it’s not just a software and network communication issue.

                • #96538
                  Max
                  Keymaster

                    People still aren’t getting it, thinking I’m making this shit up like Chicken Little. We have always been ultra rational on this site, ebola, whatever. People just don’t know. The capability is there to shut the grid down. That’s not a company specific threat.

                    It’s a big issue at fedgov level. And it is not easy to fix. Who read the linked article, which in itself played the threat down? You have layers of systems reliant on each other, some with Commodore 64 level IT, but you have to be careful because ‘fixing’ one thing can break others down the line. It is a complex and vulnerable system. Even systems that are supposedly off the network can be accessed when the tech guy plugs in with a wifi enabled system. Etc.

                    Anyway, TMI. Believe it. Not to say it will happen tomorrow, but state actors such as China have invested a lot of effort in breaking into systems. Given they supply the IT with backdoors built in, not so hard. Capability is out there and it is country-crippling if actioned.

                  • #96539
                    SeanT
                    Keymaster

                      Max definitely is not making things up. It’s mostly the Russian actors mucking about in ICS but other nations also. The Chinese are pretty skillful in Cyber too. They have different motivations.
                      FedGov worries significantly about this type of threat and is working to consolidate and change the structures that support defense of these systems. Regulation here really won’t work. No real way to enforce compliance. The .gov didn’t help itself last year that well in going all chicken little about the Russians in the networks in their public disclosures but that is more about how to produce the info from classified reporting and get it to a tear line level then combine it.

                    • #96540
                      SeanT
                      Keymaster

                        Slide deck attached

                        This is TLP White:
                        TLP

                        It is a product that was an analyst to analyst brief in the Health Care realm.
