Ixia on Preventing Industrial Control System Attacks

Ixia, a leading provider of network testing, visibility and security solutions, offers organizations advice on preventing Industrial Control Systems (ICS) attacks in light of the recent report from Dragos on the CrashOverride malware. This malware took down 30 substations in the Ukraine’s power grid late last year, and left 230,000 residents in the Ukraine without power.[1]

The report from Dragos on CrashOverride was detailed and specific. The possibility of this malware strain permeating critical infrastructure around the world is evidence that plants and power systems continue to be under targeted attacks. In fact, early last year, hackers breached a water utility company that is referred to as the “Kemuri Water Company.” They took control of hundreds of programmable logic controllers (PLCs) that manage the flow of toxic chemicals used for water treatment, which could have had dire consequences.

“The work required to create malware targeting specific ICS systems indicates nation-state sponsorship. One does not simply go out and build a 'mirror lab' of an electrical grid in their basement,” said Chuck McAuley, Principal Security Research Engineer at Ixia. “Human intelligence backed with strong technical knowledge is needed to create this type of software. Countries, and their private partners involved in infrastructure, need to be proactive about their security measures. In a region such as Europe, where the interconnected electrical grid crosses the borders of many countries, operators need to be ready for cyber attacks at all times.”

Attacks are rapidly evolving and, with nation-state support, will continue doing so. CrashOverride took advantage of four communication protocols used in ICS systems across Europe, Asia, and the Middle East, which highlights potential ICS system design flaws.

McAuley continued, “This attack illustrates that flipping breakers on and off repeatedly should trigger warnings from both remote terminal units and networking equipment. Rate limiting, inline mitigation, and machine learning defenses are quite mature and can easily be adapted to help provide protection in the ICS space. If a hacker’s intent is simply to cause disruption, they do not need to use tradecraft of the nth degree. In this particular case, the malware leveraged no zero day at all, choosing instead to leverage design flaws in the ICS network. Your adversary will only expose and use as much of their arsenal as they need to obtain their objective.”

According to Ixia, there are a few simple steps organizations can follow to better prepare for these types of attacks:

Stay Offline

If organizations are incapable of maintaining their ICS networks with up-to-date countermeasures, those networks need to be disconnected from the Internet. In fact, organizations should attempt to remove any direct reliance on IP communications. Air gapping the network can help, but it does not always stop malware from entering a network.

Sharing is Caring

A culture of information sharing between the public and private sector should be encouraged. One of the most difficult aspects of cybersecurity is establishing and maintaining trust with peers across industries. Hackers already have the latter part down, and organizations should, too. The enemy relies on slow communications, legal tie-ups, and other bureaucratic clutter.

Get the Whole Picture

As in most cases, but especially the one outlined in the Dragos report, visibility is key to thwarting industrial attacks. Network visibility should be a cornerstone of any security posture. Moreover, rate limiting functions and alerting functions should be used with a strong visibility platform to notify operators when anomalies occur.

Preparation is Key

More than having the right relationship dynamics or tools, organizations cannot be frozen when attacks do occur. They should prepare by testing both their network equipment and people. While testing equipment is relatively straightforward, you need to test your people under real-world conditions using tabletop and cyber range exercises. This enables staff to learn how to perform and think outside the box like a hacker.

McAuley concluded, “The more you can see, the quicker and easier you can react. If the CrashOverride victims had tapped their ICS network, they would have immediately noticed a change in traffic patterns: the scanning for OPC-based services and the IEC 104 commands that repeatedly closed and opened breakers. Network monitoring equipment would be able to see and alert on these transactions in real time.”
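The alerting described above can be sketched as a passive monitor that decodes IEC 60870-5-104 switching commands from a network tap and flags any control point whose commanded state flips too often. This is an added example, not code from Ixia or Dragos; the threshold, the window, the `build_cmd` helper and its sample frames are assumptions, and it expects one reassembled APDU per call with a single information object.

```python
import struct
from collections import defaultdict, deque

C_SC_NA_1, C_DC_NA_1 = 45, 46  # IEC 60870-5-104 single / double command type IDs
COT_ACTIVATION = 6             # cause of transmission: activation

def parse_command(apdu: bytes):
    """Return (common_addr, ioa, state) for an executed switching command, else None."""
    if len(apdu) < 16 or apdu[0] != 0x68 or apdu[1] != len(apdu) - 2 or apdu[2] & 1:
        return None                      # malformed, or S-/U-format frame with no ASDU
    type_id, _vsq, cot, _orig, ca = struct.unpack_from("<BBBBH", apdu, 6)
    if type_id not in (C_SC_NA_1, C_DC_NA_1) or cot & 0x3F != COT_ACTIVATION:
        return None
    ioa, qual = int.from_bytes(apdu[12:15], "little"), apdu[15]
    if qual & 0x80:                      # select phase only, nothing operated
        return None
    if type_id == C_SC_NA_1:
        return ca, ioa, "on" if qual & 0x01 else "off"
    state = {1: "off", 2: "on"}.get(qual & 0x03)
    return (ca, ioa, state) if state else None

class ToggleDetector:
    """Alert when one control point changes state too often within a time window."""
    def __init__(self, max_toggles=3, window_s=60.0):
        self.max_toggles, self.window_s = max_toggles, window_s
        self.last, self.toggles = {}, defaultdict(deque)

    def observe(self, ts: float, apdu: bytes):
        cmd = parse_command(apdu)
        if cmd is None:
            return None
        point, state = cmd[:2], cmd[2]
        prev, self.last[point] = self.last.get(point), state
        if prev is None or prev == state:
            return None                  # first sighting or repeated command
        q = self.toggles[point]
        q.append(ts)
        while ts - q[0] > self.window_s:
            q.popleft()                  # drop toggles older than the window
        alert = {"common_addr": point[0], "ioa": point[1], "toggles": len(q)}
        return alert if len(q) > self.max_toggles else None

def build_cmd(ca, ioa, on, select=False):
    """Constructed C_SC_NA_1 sample frame for the demo, not captured traffic."""
    sco = (1 if on else 0) | (0x80 if select else 0)
    asdu = struct.pack("<BBBBH", C_SC_NA_1, 1, COT_ACTIVATION, 0, ca)
    asdu += ioa.to_bytes(3, "little") + bytes([sco])
    return bytes([0x68, 4 + len(asdu), 0, 0, 0, 0]) + asdu
```

Feeding `observe()` a breaker that is commanded on and off every two seconds raises an alert on the fourth state change inside the window, while the same point operated every 100 seconds stays silent.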

About Ixia

Ixia, now part of Keysight Technologies, provides testing, visibility, and security solutions to strengthen networks and cloud environments for enterprises, service providers, and network equipment manufacturers. Ixia offers companies trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks and cloud environments. Learn more at www.ixiacom.com.

About Keysight Technologies

Keysight Technologies is a leading technology company that helps its engineering, enterprise and service provider customers optimize networks and bring electronic products to market faster and at a lower cost. Keysight's solutions go where the electronic signal goes, from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $2.9B in fiscal year 2016. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security. More information is available at www.keysight.com.

Ixia and the Ixia logo are trademarks or registered trademarks of Ixia in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners.

[1] https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
