Booz Allen Hamilton – Abstract

Ukraine Report: When the lights went out

What’s in the Standard

A Comprehensive Review of the 2015 Attacks on Ukrainian Critical Infrastructure

The report details the step-by-step process the threat actors took and seeks to highlight the opportunities for detection and prevention across the various steps of the attack. It includes an outline of the attack tools used (mainly BlackEnergy and KillDisk), as well as an attack walkthrough highlighting threat actor activity during the attack.

In the section entitled “Top 10 Takeaways – What to Consider When Protecting your OT Environment”, takeaway #4, “Segment your OT and IT Environments”, states: “for ultimate protection, consider unidirectional technologies for one-way data transfer from sensitive environments to authorized systems”.

Takeaways

Although unidirectional technology is mentioned as a solution for “ultimate protection”, this report does not employ the same sophisticated approach to ICS cybersecurity for OT as we’ve seen elsewhere: the language is not as forceful regarding OT vs. IT as we see in the ABS guidelines, for example.