How can ICS cyber security risk be quantified and what does it mean to Aurora

Nov. 10, 2014

There is little information on frequency of ICS cyber attacks. HAVEX and BlackEnergy have been targeting selected ICS vendor HMIs that could be used to give remote access to the attackers. Once your computer is owned there's not much the attacker can't do. The Aurora event can be initiated by the remote closing and reopening of breakers by the SCADA HMI. If the attackers “own” the HMIs, there are venues for initiating Aurora events

I will be giving a lecture on ICS cyber security risk at the Fraunhofer Institute December 2nd in Germany. In preparation for the lecture, I was looking into the recent HAVEX and BlackEnergy malware attacks and how they can affect ICS cyber risk. Risk is defined as frequency times consequence. There is little information on frequency of ICS cyber attacks. The next issue is how do you define consequence. HAVEX and BlackEnergy have been targeting selected ICS vendor HMIs that could be used to give remote access to the attackers. Even though the purpose of HAVEX and BlackEnergy appears to be exfiltrating information, there is nothing to stop the attackers from taking other actions. (Stuxnet initially was thought to be only about exfiltrating information.) It is possible that attackers could login and send commands to the computer. Once your computer is owned there's not much the attacker can't do. This brings up the question of how consequence is defined.

The Aurora event can be initiated by the remote closing and reopening of breakers by the SCADA HMI. If the attackers “own” the HMIs, there are venues for initiating Aurora events. Aurora has yet to be adequately mitigated by the utility industry. Moreover, much of the classified information on Aurora has been made public by DHS. As the information on Aurora is public and there may be unauthorized access to ICS HMI’s, I would consider this situation to be a significant risk to our critical infrastructures.

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.