The Advanced Persistent Threat and Industrial Control Systems – does it make sense

March 22, 2010

Digital Bond’s Dale Peterson, SANS’s Alan Paller, and others have been sounding the alarm about Advanced Persistent Threats affecting the electric power industry. APTs are sophisticated and organized cyber attacks to access and steal information from compromised computers. The attacks used by APT intruders are not very different from those of any other intruder. The main differentiator is the APT intruder’s perseverance and resources. They have malicious code (malware) that circumvents common safeguards such as anti-virus. The recommended mitigation is detection, collection, analysis, and remediation.

These warnings sound ominously similar to last year’s Wall Street Journal article about the Chinese and Russians being in the power grid. Addressing APT threats makes sense in the traditional IT domain and at the SCADA and DCS master stations, which are essentially IT systems. However, APT attacks don’t make as much sense for field devices. First, many utilities are not even looking at field devices, as many of these systems are not considered NERC critical assets. Secondly, detection and collection are difficult at best when minimal (if any) cyber forensics exist for these systems. Thirdly, it is not clear what cyber attack signatures against field devices look like. Those yelling the most appear to be unaware that many of the most significant ICS cyber incidents that have occurred are not the sexy IT attacks they keep trying to prevent. In fact, many of the most significant ICS cyber incidents to date did not involve the Internet. Even more troubling, many of these critical cyber incidents, including those that killed people, caused nuclear plant shutdowns, and caused widespread power outages, did not violate any IT security policies.
Let industry develop the appropriate forensics and security at the field device layer and actually look before crying wolf. My book will help to provide clarity about these types of issues.
Joe Weiss
