I strongly suggest reading the PDF if you want to learn or understand the issue.
One of the things I noted on my first read of the PDF was that not only was the one plant hit by malware, but two of their workstations that were critical to the operation of the plant had no backups, or even backup components, on site.
This hints at the rather large scope of the problem for improving ICS security.
I don't have a background in ICS or power plants; my experience is more in physical security. But the impression I got from the ICS-CERT Monthly Monitor was that many (most?) of these plants are used to winging things.
They are used to enough slack, or excess capacity, in the system or grid as a whole, that they haven't had to meet the type of uptime requirements many in IT fields take for granted.
If I understood correctly, a simple HDD or power supply failure of one of the critical workstations could have deadlined the whole plant for an indefinite period.
Further Resources from US CERT Control Systems Security Program (CSSP):
- Introduction to Recommended Practices: http://www.us-cert.gov/control_systems/practices/
- Recommended Practices: http://www.us-cert.gov/control_systems/practices/Recommended_Practices.html
- Cyber Threat Source Descriptions: http://www.us-cert.gov/control_systems/csthreats.html
- Information Products: http://www.us-cert.gov/control_systems/csdocuments.html