Archer

Our top industrial security stories in 2019

In 2019, we helped you stay informed about attacks and events affecting power, water, factories, critical infrastructure and more.

Archer News took you around the world to see new research into security for industrial systems — and how it can impact you.

Here are some highlights:

Industrial Security in 2019

We brought you industrial security news from San Francisco to Miami, Argentina to Turkey, and beyond.

You saw how researchers say malware landed on nuclear plant computers in India — through a phishing email, after more than a year of malware-laden messages from an attack group.

With the U.S. – Iran relationship heating up, how the U.S. Department of Homeland Security warned about attacks on power plants, factories and more.

And how Turkey is becoming a growing target for cyberattacks on critical infrastructure.

 

Ransomware

In March, we showed you what you can learn from the large-scale ransomware attack on Norway’s aluminum producer Norsk Hydro, with headquarters in Oslo and facilities around the world.

“I hate to say this this is the new normal, but it kind of is,” said Mark Heard, now with cybersecurity company Dragos. “It’s an indication of what companies that have operations that are connected to the Internet will have to face and protect against.”

And that means backing up data the right way, according to James McQuiggan, formerly of Siemens, now with KnowBe4.

“Make sure that they’re restoring properly,” McQuiggan told Archer News. “I’ve heard many, many times where companies will say, ‘Yep, we’re backing up, we’re doing the daily backups,’ and then when they have to restore they go, ’Oh, it’s been corrupted the last three months because they haven’t checked.’”

 

 

More than 70 U.S. city and state governments fell victim to ransomware in 2019.

Ransomware also hit the city of Johannesburg, South Africa, in July, preventing people from buying electricity under the city’s prepaid system.

U.S. Grid Cyberattack

We talked to experts about the March 5 incident on the U.S. grid, what some called the first such cyberattack on the American power system.

A denial of service attack hit solar and wind energy developer sPower, based in Salt Lake City, causing communications outages for 12 hours, reported E&E News on October 31.

Just how serious was this attack and what does it mean?

“I wouldn’t say that it’s a targeted attack, attempting to take out power to people here in the U.S.,” said Chris Sistrunk with cybersecurity company FireEye. “I think it’s like something exposed in your front yard, on the street, and someone’s going around checking your mailbox to see if it’s locked or not.”

“I think the utilities involved are learning from lessons from it. Probably, they’re going to do a better job in the future. At least I hope so,” said K. Reid Wightman with Dragos.

 

New Tech, New Risks?

We looked at how the surge toward solar power is opening up new targets for cyber attackers.

One attack target — solar inverters that change sunlight into electric power.

“By manipulating the settings of these devices, it is possible that you could introduce very large swings in what the voltage could be,” said Dan Arnold with Lawrence Berkeley National Laboratory in California. “You could create some sort of cascading problem.”

 

Dumbing Down the Grid?

We saw controversy this year over the bill working its way through congress that would have researchers look at all ways to protect the U.S. power grid, including analog or old school techniques — what some call “dumbing down” the smart grid.

For some, this sounds like going back to running the power grid manually.

“In reality, such a retro approach is a poor way to address cybersecurity risk and shouldn’t be considered as a realistic control,” Nigel Stanley, TUV Rheinland’s chief technology officer, told Archer News.

“I think that we’ve over used technology and shiny things right because it’s shiny and new and we want it,” said Marty Edwards, now with Tenable. “But when you’re talking about critical national infrastructure, or you’re talking about something that could potentially kill thousands of people if there was a significant failure, you need to be paying extremely careful attention to what technology you use.”

 

Food

We looked at the push toward digitizing the making of your food, bringing another basic part of your survival into the scope of cyber attackers.

“That process we think of, you know, somebody in overalls with a tractor. These things are offices. They are Internet-enabled, they are GPS connected,” said Trend Micro’s Bill Malik. “So, you might try to damage that system. You might try to corrupt the information.”

 

Vulnerabilities

We showed you new research on security gaps, from giant construction cranes that can do damage to the robots that move the industrial world.

From USBs that can connect to so-called “air-gapped” systems to data diodes that protect industrial networks and the very basic building blocks of industry, the PLC, or programmable logic controller — now a target for hackers of all kinds.

“It’s very important that we find all of these issues in advance of the attackers finding them,” said Daniel Lance with Nozomi.

 

It Takes a Village

And if you want to join in, you can hack a water or power plant, the ICS Village — designed to help people like you learn even more about your digital, industrial world.

Tom VanNorman is one of the ICS Village’s founders.

“It is a lot of work. We’re volunteers and none of us make any money off of this,” he told Archer News. “It’s a passion.”

 

What is ICS?

Finally, we worked to educate and inform everyone about industrial cybersecurity with our popular “What is?” videos.

We went inside a video game to learn “What is Shodan?“, onto the Starship Enterprise to find out “What is an HMI?“, and into the Death Star to see what is that all-important PLC.

Enjoy these other “What is?” stories and cheers to more industrial cybersecurity stories in 2020!

 

 

What is ICS?

What is a honeypot?

What is a zero-day?

What is a RAT?

What is a DMZ?

What is BEC?

What is a DDoS?

 

We dedicate this year’s industrial cybersecurity year in review to Michael Assante, who worked passionately to improve industrial cybersecurity and passed away on July 5, 2019.

“The world is a safer place because of Mike,” said the SANS Institute, where Assante worked as director of the ICS and SCADA security curriculum.

 

 



Leave a Reply