topic Re: Here we go, were they prepared? in Industry News

Here we go, were they prepared?

Caute_cautim — Wed, 20 May 2020 21:19:25 GMT

Hi All

Well, lots of talks about impending Cyber security attacks on critical infrastructure - but now it has happened in the UK: Were they prepared or was it a case of bottom line, and bury ones head in the sand as usual?

https://ia.acs.org.au/article/2020/uk-electricity-grid-hit-by-cyberattack.html?_lrsc=8c299fee-c346-4526-8033-2d44e130d99b

Regards

Caute_cautim

Re: Here we go, were they prepared?

dcontesti — Thu, 21 May 2020 14:52:13 GMT

Problem with ICS system owners, is that they believe they have done "Security by Obsecurity" so well that folks will never be able to affect them.

Add to this all the news happening on Covid-19 hacks/scams/etc., folks may be letting their guard down.

I am curious as there isn't alot of information here on the attack (probably never will be) but the inability to send/receive emails, implies that 1) the hacker disabled the mail system itself, which means they got quite far into the system or 2) they have disabled some ports on the firealls ....

The article does not say that they cannot create mail....they just cant send it.

Given either 1 or 2, if I were them, I would be searching my systems for additional malware that may have been downloaded, etc.

my thoughts only

Re: Here we go, were they prepared?

denbesten — Thu, 21 May 2020 15:34:31 GMT

@dcontesti wrote:
Problem with ICS system owners, is that they believe they have done "Security by Obsecurity" so well that folks will never be able to affect them.

That, and air gapping. Airg apping can be extremely effective, but completely falls apart the moment one realizes they can save money by implementing remote support and end up somehow compromising the air gap.

Although not precisely the same scenario, I use Davis-Besse as my example when I help people work through the risk analysis regarding remote support.

Re: Here we go, were they prepared?

dcontesti — Thu, 21 May 2020 15:43:29 GMT

I love Air gapping but unfortunately we had to eliminate when the Accounting folks wanted real time numbers for product costing, etc.

Re: Here we go, were they prepared?

AlecTrevelyan — Thu, 21 May 2020 19:28:29 GMT

This is nothing more than an amusing non-story from last week's news, which amounts to little more than "random company suffers ransomware attack"...

This quote from The Register about sums everything up:

"A complex and vital market mechanism, any failure in the BSC would cause severe headaches for accountants trying to reconcile their figures. The financial side of the UK's electricity market is, however, well insulated from the wiggly amps making their way along the nation's cables."

The company involved is effectively a financial middleman brokering deals between the UK's National Grid and the power generating companies. They are in no way, shape or form considered "critical infrastructure".

Don't believe the hype!

Re: Here we go, were they prepared?

dcontesti — Fri, 22 May 2020 14:47:31 GMT

Thanks for the clarification, however my comments still stand related to companies with ICS.

Even if they are only doing billing/sales/etc. if I were them I would still be doing a deep dive into my systems. If I can stop the email system just think of the other damage that I might be able to do....change the rate (cost) of electricity to be 0.00001 cents per KWH or 100 pounds per KWH......lots of potential for havac.