Hidden In Plain Sight

Control system cyber incidents are more plentiful and impactful than most observers expect: more than 17 million, directly resulting in more than 34,000 deaths. Most of the incidents were engineering-based cyber attacks used to camouflage a deficiency in the design of the product or to cause physical damage.

The engineering-based cyber attacks did not use the Internet, Windows, or Operational Technology (OT) networks. Consequently, these incidents were not identifiable by network cyber forensics and would not fall under the Chief Information Security Officer's domain.

This means most of these incidents would not be addressed by existing government and industry cyber security guidance, nor would they make their way to company boards and regulatory authorities as cyber events.

While there have been more than 1,200 electric grid cyber-related incidents, that number doesn’t adequately reflect the true impact on customers and the economy, as some of the cyber-related outages have affected tens of millions of people. In addition, the diesel emissions scandal lays bare the philosophical differences in how offensive cyber attackers and cyber defenders approach cyber security.

The impacts from 'dieselgate' were huge: more than $35 billion in damages, and several people went to jail. Yet many defenders would not consider these to be malicious cyber attacks because they weren’t the type of attacks they were expecting.

Until the OT network-focused regulators and practitioners are willing to address engineering-based incidents and attacks, critical infrastructures cannot be secured.

Recommendations are provided to address the gaps in control system cyber security monitoring and control system cyber incident disclosure, as existing disclosure requirements are geared toward vulnerabilities, not incidents. It is also evident that monitoring the process sensor signals at the physics layer would have identified most of the incidents regardless of cause.

Joe Weiss is Managing Partner at Applied Control Solutions

This article is a shortened version of the original Control Global Blog
