Consequence-Based Resilient Architectures

Industrial Control Systems Security and Resiliency

Part of the book series: Advances in Information Security (ADIS, volume 75)

Abstract

As described in Lee et al., cyber-attackers conducted a coordinated, multifaceted operation against three distribution companies on 23 December 2015, resulting in a customer outage of nearly 4 hours. The significance of this event does not originate from the infiltration of the electric sector; on the contrary, Gorman, Toppa, Perlroth, Dearden, and Borger indicate that the sector has been compromised before and will continue to be compromised in the future. Nor was this event significant because it heralded the arrival of some previously unknown, sophisticated industrial control system (ICS) malware, as Karnouskos, Fidler, and Matrosov et al. argued was the case with Stuxnet. Rather, the significance of the December 2015 event stems from the means by which the attackers interfaced with and, ultimately, used the energy system design to their advantage.

References

  1. R. Lee, M. Assante, T. Conway, Analysis of the cyber-attack on the Ukrainian power grid. Prepared for the Energy Information Sharing and Analysis Center (E-ISAC), 16 Mar 2016

  2. S. Gorman, Electricity grid in U.S. penetrated by spies. (Wall Street J, 2009), https://www.wsj.com/articles/SB123914805204099085

  3. S. Toppa, The National Power Grid is under almost continuous attack, report says. (Time, 2015), http://time.com/3757513/electricity-power-grid-attack-energy-security/

  4. N. Perlroth, Hackers are targeting nuclear facilities, Homeland Security Dept. and F.B.I. say. (The New York Times, 2017), https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html

  5. L. Dearden, Russian cyber-attacks have targeted UK energy, communication, and media networks, says top security chief. (Independent, 2017), https://www.independent.co.uk/news/uk/home-news/russia-hacking-uk-bt-media-energy-companies-top-spy-security-schief-a8055371.html

  6. J. Borger, US accuses Russia of cyber-attack on energy sector and imposes new sanctions. (The Guardian, 2018), https://www.theguardian.com/us-news/2018/mar/15/russia-sanctions-energy-sector-cyber-attack-us-election-interference

  7. S. Karnouskos, Stuxnet worm impact on industrial cyber-physical system security, in IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society, 2011

  8. D.P. Fidler, Was Stuxnet an act of war? Decoding a cyberattack. IEEE Security & Privacy 9(4), 56–59 (2011)

  9. A. Matrosov, E. Rodionov, D. Harley, J. Malcho, Stuxnet under the microscope. ESET, Technical report, 2011, revision 1.31

  10. M. Braglia, MAFMA: multi-attribute failure mode analysis. Int. J. Qual. Reliab. Manag. 17(9), 1017–1033 (2000)

  11. A. Bolshev, J. Larsen, M. Krotofil, R. Wightman, A rising tide: design exploits in industrial control systems. Prepared for 10th USENIX workshop on offensive technologies, WOOT 16, USENIX Association, Austin, TX, 2016

  12. Sandia National Laboratories, Guide to CIP cyber-vulnerability assessment, http://energy.sandia.gov/wp-content/gallery/uploads/CIP_CyberAssessmentGuide.pdf

  13. C. Ten, C. Liu, G. Manimaran, Vulnerability assessment of cybersecurity for SCADA systems. IEEE Trans. Power Syst. 23(4), 1836–1846 (2008)

  14. P.A.S. Ralston, J.H. Graham, J.L. Hieb, Cybersecurity risk assessment for SCADA and DCS networks. ISA Trans. 46, 583–594 (2007)

  15. Symantec, Internet security threat report. (2016), https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

  16. M. Dacier, L. Yumer, T. Dumitras, Lessons learned from a rigorous analysis of two years of zero-day attacks. Prepared for RSA conference Asia Pacific, 2013, https://www.rsaconference.com/writable/presentations/file_upload/cle-t02_final_v2.pdf

  17. L. Ablon, A. Bogart, Zero days, thousands of nights: the life and times of zero-day vulnerabilities and their exploits. (Rand, 2017), https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf

  18. S. Tom, D. Christiansen, D. Berrett, Recommended Practice for Patch Management of Control Systems (Department of Homeland Security, Washington, D.C., 2008). https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/RP_Patch_Management_S508C.pdf

  19. C. St Michel, S. Freeman, R. Smith, M. Assante, Consequence-driven cyber-informed engineering. (2016), https://www.osti.gov/biblio/1341416

  20. R. Pal, L. Golubchik, K. Psounis, P. Hui, Security pricing as enabler of cyber-insurance: a first look at differentiated pricing markets. IEEE Trans. Dependable Secure Comput. (2016)

  21. N.S. Malik, R. Collins, M. Vamburkar, Cyberattack pings data systems of at least four gas networks. (Bloomberg, 2018), https://www.bloomberg.com/news/articles/2018-04-03/day-after-cyber-attack-a-third-gas-pipeline-data-system-shuts

  22. S. Romanosky, L. Ablon, A. Kuehn, T. Jones, Content analysis of cyber-insurance policies: how do carriers write policies and price cyber-risk? (Rand Corporation, 2017), https://ssrn.com/abstract=2929137

  23. M. Thompson, Why cyber-insurance will be the next big thing. (CNBC, 2014), https://www.cnbc.com/2014/07/01/why-cyber-insurance-will-be-the-next-big-thing.html

  24. R. Colbaugh, K. Glass, Proactive defense for evolving cyber-threats, in IEEE International Conference on Intelligence and Security Informatics, Beijing, China, 2011, https://www.osti.gov/servlets/purl/1108387

  25. M. Bozorgi, L. Saul, S. Savage, G. Voelker, Beyond heuristics: learning to classify vulnerabilities and predict exploits, in Proceedings of the 16th International Conference on Knowledge Discovery and Data Mining, 2010, pp. 105–114

  26. Y.-F. Han, D. Kumar, C. Sivadinarayana, D.W. Goodman, Kinetics of ethylene combustion in the synthesis of vinyl acetate over a Pd/SiO2 catalyst. J. Catal. 224, 60–68 (2004)

  27. D. Gollmann, P. Gurikov, A. Isakov, M. Krotofil, J. Larsen, A. Winnicki, Cyber-physical systems security – experimental analysis of a vinyl acetate monomer plant. ACM Cyber-Physical System Security Workshop (CPSS), Singapore, 2015

  28. A. Cherepanov, Win32/Industroyer: a new threat for industrial control systems. (ESET, 2017), https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf

  29. E. Kovacs, Electrical substations exposed to attacks by flaws in Siemens devices. (2018), https://www.securityweek.com/electrical-substations-exposed-attacks-flaws-siemens-devices

  30. Havex hunts for ICS/SCADA systems. (F-Secure Labs, 2014), https://www.f-secure.com/weblog/archives/00002718.html

  31. R. Heuer Jr., R. Pherson, Structured Analytic Techniques for Intelligence Analysis (Sage/CQPress, Washington, D.C., 2015)

  32. B. Wood, R. Duggan, Red teaming of advanced information assurance concepts, in DISCEX 2000, Hilton Head, South Carolina, January 2000, http://cs.uccs.edu/~cchow/pub/master/sjelinek/doc/research/red.pdf

  33. J. Larsen, Physical damage 101: bread and butter attacks. (Blackhat, 2015), https://www.blackhat.com/docs/us-15/materials/us-15-Larsen-Remote-Physical-Damage-101-Bread-And-Butter-Attacks.pdf

  34. R. Wightman, The easy button for cyber/physical ICS attacks, in S4 Security Conference, 2016

Author information

Correspondence to Curtis St. Michel or Sarah Freeman.

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

St. Michel, C., Freeman, S. (2019). Consequence-Based Resilient Architectures. In: Rieger, C., Ray, I., Zhu, Q., Haney, M. (eds) Industrial Control Systems Security and Resiliency. Advances in Information Security, vol 75. Springer, Cham. https://doi.org/10.1007/978-3-030-18214-4_2

  • DOI: https://doi.org/10.1007/978-3-030-18214-4_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18213-7

  • Online ISBN: 978-3-030-18214-4

  • eBook Packages: Computer Science, Computer Science (R0)
