Malicious Outsourcing | The Top 20 Cyber Attacks on Industrial Control Systems #13 | iSi

Dig deeper - download the accompanying ebook here

OT / industrial / ICS cybersecurity concepts from the perspective of the world’s most secure industrial sites. Truly secure sites ask different questions, and so get different answers. Subscribe to never miss an episode

EPS. 13 – Malicious Outsourcing
An industrial site has outsourced a remote support function to a control system component vendor for example: maintenance of the plant historian. The vendor has located their world wide remote support center in a country with an adequate supply of adequately educated personnel and low labour costs. A poorly paid technician at this support center finds a higher paying job elsewhere. On the last day of employment, this technician decides to take revenge on personnel at a specific industrial client the same personnel who recently complained to the technician’s manager about the technician’s performance. The technician logs into the client site using legitimately acquired remote access credentials, two factor credentials and the permanent VPN connection to the targeted site. The technician logs into all the site’s control system computers for which the credentials provide access and leaves a small script running on each that, one week later, erases the hard drives on each computer.

These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. In this series we show how to use the Top 20 Cyberattacks to compare the strength of two security postures at a hypothetical water treatment plant: Defence in depth 2013 (software based security) vs. that same security posture plus a unidirectional security gateway device providing hardware enfonced security). We ask the question, does either defensive posture reliably defeat each attack? Over the course of 20 episodes we build a score card that can be used to easily communicate risk reduction benefits to business decision makers who are not familiar with cyber security.

At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.


Newsletter Signup