Page 11 - Cyber Warnings
P. 11
Are your critical systems lying to you? Protecting SCADA
Systems from Data Forgery
by Michael Shalyt, VP Product Aperio Systems (www.aperio-systems.com)
Like many things in life, the greatest cyber threat to critical infrastructure is in the things we
cannot see.
Both security analysts and the general public spend a lot of time and energy discussing big-
name hackers — “Anonymous” and its cohorts or secret government agencies that sneak past
perimeter defenses and wreak havoc on or expose sensitive data from IT systems after making
their way in.
But attacks on critical infrastructure, though less discussed, can cause catastrophic damage.
Lloyd’s of London estimates a successful attack on the U.S. power grid could result in $1 trillion
worth of damage, not to mention loss of life.
And as the head of the UN’s nuclear watchdog agency put it, after revealing that nuclear
facilities in Germany and South Korea suffered disruptive cyber attacks, the stakes are no
longer theoretical (see this Reuters article for more details).
Serious cyber attacks against critical systems can come from all directions and at all levels of
sophistication.
Successful breaches by nation states and political actors have dominated headlines but, in
today’s world, attackers range from mere hobbyists, hacktivists and cybercriminals to
sophisticated state-sponsored attackers.
An Iranian national hacked the control systems of a NY dam, attackers left a quarter million
Ukrainians in the dark, and hacktivists with fairly limited skills were able to penetrate a water
treatment plant in the US. And these are just the examples we know about.
We can safely assume there are numerous breaches that are as yet undetected or undisclosed.
Unfortunately, it is clear that persistent attackers can penetrate critical control systems – and
when critical infrastructure is concerned, even a single destructive attack is one too many.
Therefore we must assume the worse – that the attacker already has control over the sensitive
network.
Once attackers are inside, in order to inflict severe and long-lasting damage to critical
11 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
