Compromised Remote Site | The Top 20 Cyber Attacks on Industrial Control Systems #15 | iSi

Dig deeper - download the accompanying ebook here

OT / industrial / ICS cybersecurity concepts from the perspective of the world’s most secure industrial sites. Truly secure sites ask different questions, and so get different answers. Subscribe to never miss an episode

EPS. 15 – Compromised Remote Site
In a SCADA system such as might control an electric distribution system or water distribution system, an attacker targets a substation or pumping station that is physically remote from any potential witnesses. The attacker physically cuts the padlock on a wire fence around the remote station and enters the physical site. The attacker locates the control equipment shed typically the only roofed building at the site and again forces the door to gain entry to the shed. The attacker finds the only rack in the small site, plugs a laptop into the Ethernet switch in the rack, and tapes the laptop to the bottom of a piece of computer equipment low in the rack where it is unlikely to be detected. The attacker leaves the site. An investigation ensues, but the investigators find only physical damage and nothing apparently missing. The extra laptop low in the rack is not noticed. A month later, the attacker parks a car near the remote site and interacts with the laptop via Wi-Fi, enumerating the network and discovering the connections back into the central SCADA site. The attacker uses the laptop to break into equipment at the remote site, and from there into the central SCADA system. The attacker then uses Ukraine style techniques to cause physical shutdowns.

These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. In this series we show how to use the Top 20 Cyberattacks to compare the strength of two security postures at a hypothetical water treatment plant: Defence in depth 2013 (software based security) vs. that same security posture plus a unidirectional security gateway device providing hardware enfonced security). We ask the question, does either defensive posture reliably defeat each attack? Over the course of 20 episodes we build a score card that can be used to easily communicate risk reduction benefits to business decision makers who are not familiar with cyber security.

At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.


Newsletter Signup