Andrew Ginter Tag

An organized crime group develops a history of routine speculation on futures markets for gasoline. Then they damage equipment at a refinery by exploiting known vulnerabilities in internet-facing IT equipment. This cripples the supply and makes prices spike, and the attackers profit from their speculation.

Nation-state attackers use more sophisticated tools such as the BlackEnergy trojan to ultimately take over equipment on the ICS network and disable protective relays. The attack group then sends control commands to very quickly connect and disconnect power flows to parts of the grid, destroying larg

An attack group similar to the “Shadow Brokers” steals a list of zero days from a nation-state adversary and sells the list to an organized crime group. That group creates autonomous ransomware that jumps through firewalls via encrypted connections to file shares, causing an emergency shutdown a

There are voices in the industrial security community advocating a return to hard-wired protective relays, discarding two decades of progress in this space. But a practical solution is to protect the protection. In power plants, as in high voltage substations, protective relays can be connected to

The US government acts to protect the electric grid - but there is only so much any government can do. Unlike physical conflicts, the only way to defeat the most sophisticated cyber attacks is for individual sites to take the lead

In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu