Hidden In Plain Sight

Uploaded on 2022-11-28 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing

Control system cyber incidents are more plentiful and impactful than most observers expect - more than 17 million directly resulting in more than 34,000 deaths. Most of the incidents were engineering-based cyber attacks used to camouflage a deficiency in the design of the product or to cause physical damage.

The engineering-based cyber attacks did not involve the Internet, Windows, or Operating Technology (OT) networks to carry out the attacks. Consequently, these incidents were not identifiable by network cyber forensics and would not fall under the Chief Information Security Officer's domain.

This means most of these incidents would not be addressed by existing government and industry cyber security guidance, nor make their way to company  boards and regulatory authorities as cyber events.

While there have been more than 1,200 electric grid cyber-related incidents, that doesn’t adequately reflect the true impact on customers and the economy as some of the cyber-related outages have affected tens of millions of people. In addition, the diesel emissions scandal lays bare the philosophical differences in how offensive cyber attackers and cyber defenders’ approach cyber security.

The impacts from the 'dieselgate' were huge, more than $35 Billion in damages and several people went to jail, yet many defenders would not consider these to be malicious cyber attacks because they weren’t the type of attacks they were expecting.

Until the OT network-focused regulators and practitioners are willing to address engineering-based incidents and attacks, critical infrastructures cannot be secured.

Recommendations are provided to address the gaps in control system cyber security monitoring and control system cyber incident disclosure as existing disclosure requirements are geared toward vulnerabilities not incidents. It is also evident that monitoring the process sensor signals at the physics layer would have identified most of the incidents regardless of cause.

Joe Weiss is Managing Partner at Applied Control Solutions

This article is shortened version of the original Control Global Blog

You Might Also Read:

Many Cyber Security Experts Don’t Understand The Systems They Are Trying To Secure:

 

« Five Ways Executives Can Optimize Cyber Security Spending
It’s Well Past 230 For The US Communications Decency Act »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Six Degrees Group

Six Degrees Group

Six Degrees is a specialist managed IT services organisation offering a range of solutions including Managed Security Services.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.