Ixia on Preventing Industrial Control System Attacks

Ixia, a leading provider of network testing, visibility and security solutions, offers organizations advice on preventing Industrial Control Systems (ICS) attacks in light of the recent report from Dragos on the CrashOverride malware. This malware took down 30 substations in the Ukraine’s power grid late last year, and left 230,000 residents in the Ukraine without power.1

The report from Dragos on CrashOverride was detailed and specific. The possibility of this malware strain permeating critical infrastructure around the world is evidence that plants and power systems continue to be under targeted attacks. In fact, early last year, hackers breached a water utility company that is referred to as the “Kemuri Water Company.” They took control of hundreds of programmable logic controllers (PLCs) that manage the flow of toxic chemicals used for water treatment, which could have had dire consequences.

“The work required to create malware targeting specific ICS systems indicates nation-state sponsorship. One does not simply go out and build a 'mirror lab' of an electrical grid in their basement,” said Chuck McAuley, Principal Security Research Engineer at Ixia. “Human intelligence backed with strong technical knowledge is needed to create this type of software. Countries, and their private partners involved in infrastructure, need to be proactive about their security measures. In a region such as Europe, where the interconnected electrical grid crosses the borders of many countries, operators need to be ready for cyber attacks at all times.”

Attacks are rapidly evolving and, with nation-state support, will continue doing so. CrashOverride took advantage of four communication protocols used in ICS systems across Europe, Asia, and the Middle East, which highlights potential ICS system design flaws.

McAuley continued, “This attack illustrates that flipping breakers on and off repeatedly should trigger warnings from both remote terminal units and networking equipment. Rate limiting, inline mitigation, and machine learning defenses are quite mature and can easily be adapted to help provide protection in the ICS space. If a hacker’s intent is simply to cause disruption, they do not need to use tradecraft of the nth degree. In this particular case, the malware leveraged no zero day at all, choosing instead to leverage design flaws in the ICS network. Your adversary will only expose and use as much of their arsenal as they need to obtain their objective.”

According to Ixia, there are a few simple steps organizations can follow to better prepare for these types of attacks:

Stay Offline

If organizations are incapable of maintaining their ICS networks with up-to-date countermeasures, they need to be disconnected from the Internet. In fact, organizations should attempt to remove any direct reliance on IP communications. Air gapping the network can help, but it does not always stop malware from entering a network.

Sharing is Caring

A culture of information sharing between the public and private sector should be encouraged. One of the most difficult aspects of cybersecurity is establishing and maintaining trust with peers across industries. Hackers already have the latter part down, and organizations should, too. The enemy relies on slow communications, legal tie-ups, and other bureaucratic clutter.

Get the Whole Picture

As in most cases, but especially the one outlined in the Dragos report, visibility is key to thwarting industrial attacks. Network visibility should be a cornerstone of any security posture. Moreover, rate limiting functions and alerting functions should be used with a strong visibility platform to notify operators when anomalies occur.

Preparation is Key

More than having the right relationship dynamics or tools, organizations cannot be frozen when attacks do occur. They should prepare by testing both their network equipment and people. While testing equipment is relatively straightforward, you need to test your people under real-world conditions using tabletop and cyber range exercises. This enables staff to learn how to perform and think outside the box like a hacker.

McAuley concluded, “The more you can see, the quicker and easier you can react. If the CrashOverride victims had tapped their ICS network, they would have immediately noticed a change in traffic patterns: the scanning for OPC-based services and the IEC 104 commands that repeatedly closed and opened breakers. Network monitoring equipment would be able to see and alert on these transactions in real time.”
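The alerting described above, on IEC 104 commands that repeatedly open and close the same breaker, can be sketched as a passive check over tapped traffic. This is an added example, not code from Ixia or Dragos; the flip threshold, time window, station and point addresses, and the sample frames are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

C_SC_NA_1, C_DC_NA_1, COT_ACTIVATION = 45, 46, 6   # command type IDs, cause "activation"

def parse_command(apdu):
    """Return (common_addr, ioa, state) for an executed switching command, else None."""
    if len(apdu) < 16 or apdu[0] != 0x68 or apdu[1] != len(apdu) - 2:
        return None
    if apdu[2] & 0x01:             # S- or U-format frame, carries no ASDU
        return None
    type_id, cot, qualifier = apdu[6], apdu[8] & 0x3F, apdu[15]
    if type_id not in (C_SC_NA_1, C_DC_NA_1) or cot != COT_ACTIVATION or qualifier & 0x80:
        return None                # not a command, or S/E bit set (select step only)
    if type_id == C_SC_NA_1:
        state = "on" if qualifier & 0x01 else "off"
    else:                          # double command: only 1 (off) and 2 (on) are valid
        state = {1: "off", 2: "on"}.get(qualifier & 0x03)
    common_addr = struct.unpack_from("<H", apdu, 10)[0]
    return (common_addr, int.from_bytes(apdu[12:15], "little"), state) if state else None

def detect_toggling(events, max_flips=3, window=10.0):
    """Alert when one point flips state more than max_flips times in window s (assumed limits)."""
    last_state, flips, alerts = {}, defaultdict(deque), []
    for ts, apdu in events:
        cmd = parse_command(apdu)
        if cmd is None:
            continue
        point, state = cmd[:2], cmd[2]
        if last_state.get(point, state) != state:
            q = flips[point]
            q.append(ts)
            while ts - q[0] > window:      # drop flips that fell out of the window
                q.popleft()
            if len(q) > max_flips:
                alerts.append((ts, point[0], point[1], len(q)))
        last_state[point] = state
    return alerts

def sample_frame(ca, ioa, on, select=False):
    """Constructed test data: one single-command APDU as a network tap would capture it."""
    sco = (0x80 if select else 0) | int(on)
    asdu = (bytes([C_SC_NA_1, 1, COT_ACTIVATION, 0]) + struct.pack("<H", ca)
            + ioa.to_bytes(3, "little") + bytes([sco]))
    return bytes([0x68, 4 + len(asdu), 0, 0, 0, 0]) + asdu

# Constructed capture: point 1001 flipped every second, point 2002 operated once in 5 minutes.
SAMPLE = sorted([(float(t), sample_frame(1, 1001, t % 2 == 1)) for t in range(6)]
                + [(0.5, sample_frame(1, 2002, True)), (300.0, sample_frame(1, 2002, False))])
```

Running `detect_toggling(SAMPLE)` flags only the rapidly toggled point; the point operated once in five minutes stays below the threshold.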

About Ixia

Ixia, now part of Keysight Technologies, provides testing, visibility, and security solutions to strengthen networks and cloud environments for enterprises, service providers, and network equipment manufacturers. Ixia offers companies trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks and cloud environments. Learn more at www.ixiacom.com.

About Keysight Technologies

Keysight Technologies is a leading technology company that helps its engineering, enterprise and service provider customers optimize networks and bring electronic products to market faster and at a lower cost. Keysight's solutions go where the electronic signal goes, from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $2.9B in fiscal year 2016. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security. More information is available at www.keysight.com.

Ixia and the Ixia logo are trademarks or registered trademarks of Ixia in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners.

1 https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.