The blackout…revisited

This year has started with some frights for all of us who have responsibilities in secure operations in electric power grids. There is, on one hand, the Israel Electric Authority event. On January 27th we find headlines like these, from Fox News:

img5

Apparently the day came when someone had activated, at last, the Doomsday button and sent Israel, or was close to, to the middle ages. However, reality ended up being more prosaic and Apocalypse prophets had to sheathe again their keyboards once it was confirmed that, in the end, it was a case of ransomware in equipment belonging to a typical IT network, infected by the not-so-elegant phishing technique. Furthermore, as I am reading, the partial loss of electric supply on some clients could be attributed to the deliberate decision of personnel in charge of the grid operations who would have preferred to disconnect some load, instead of facing a complete network collapse. Moreover, it has been stated that operators reacted that way under the conviction they were under attack in a moment when the demand was growing at a high rate because of the low temperatures.

[Read more…]

Stuxnet: lessons learned?

It is often admitted that ignorance is bliss. Conversely, another universal truth states that knowledge is power. I guess that we all have to find our place somewhere between both end members to keep our mental stability. However, when it comes to ICS cybersecurity knowledge is a must. The dark side lack of industrial processes know-how is the finger that plugs the hole in the dike, preventing the flood. But, as in the Dutch tale, this won’t last forever.... Leer Más

iSOC: A new concept in cibersecurity

I’m sure we all have sketched a smile when seeing photographs or videos of strange artifacts powered by steam or internal combustion engines. Most of these inventions failed because the technology used didn’t fit the purpose they were meant for. Seen with modern eyes it’s just so naïve to try to fly a plane fitted with a steam engine. However, those inventors were not as dumb as their failure suggests. They were intelligent people (or, let’s say, not less intelligent than average) trying to solve the problems of their time with the technology available.

Steam powered the beginning of industrialization, granting people access to energy at a scale never seen before. This brand new technology lead to an engineering and cultural revolution that paved the way to our modern society. The Industrial Revolution beginnings were times of faith in progress, of unleashed collective optimism. Steam-powered machines were regarded as the key to all kind of engineering problems that remained unsolved so far.

[Read more…]

Aurora vulnerability or how to exploit knowledge of physical processes

Trying to raise awareness of cybersecurity issues among my fellow process & control engineers is a challenging task. We’ve talked about it before, making it clear how the lack of the basic notions on ICT environments and procedures turn the risks and mechanisms of attack almost inconceivable for these engineers. I mean ‘inconceivable’ sensu stricto: not something with a very low assigned probability, but something you cannot even think about because you lack the cultural background and experience to do so.... Leer Más

Industrial Control Technologies Cybersecurity. Time to wake up.

Sometimes one has to make an effort to balance opposing feelings. This is the case since I work in cybersecurity issues. I have devoted much of my career to work on public infrastructures design and construction, mainly water treatment plants. As an engineer I was in charge of industrial processes and associated control systems design: physical processes, electrical system wiring diagrams (power and control), network architectures and control components, etc. In short, the process and associated SCADA systems. I‘d like to think I did a good job.... Leer Más