4/18/2016
10:48 AM
Scott Montgomery

Which Critical Infrastructure Attack Will Be Our Bangladesh Factory Collapse?

Critical infrastructure security is finally getting the attention it deserves; let's hope that it is enough to prevent a major disaster.

Factory fires, mine explosions, collapsed buildings, and other workplace accidents that kill and injure workers have led to occupational health and safety laws in most countries. When workers are not killed or injured, but could have been, these events are referred to as “serious potential incidents.”

In workplaces around the world, we are seeing serious potential incidents from cyberattacks instead of unsafe conditions, machinery, or chemicals. This trend is worrisome for a couple of reasons:

  1. Some of these attacks are conducted with an intent to harm.
  2. The potential for injuries or fatalities is substantial.

Most industrial and critical infrastructure organizations will admit to being probed or attacked on a frequent basis, without success. However, there have been several serious potential incidents in the past couple of years where cyberattacks came close to causing significant harm, including a dam in suburban New York, a steel foundry in Germany, and electrical substations in Ukraine.

Flood-Control Dam, New York

Recent indictments against some Iranian hackers by the U.S. Department of Justice have brought renewed publicity to the hacking of a small flood-control dam in suburban New York. In this case, the hackers appear to have stumbled across an unprotected computer at the dam using a search technique known as Google dorking. Using specific search terms on the standard, publicly available Google search engine, hackers can discover computers, login portals, and other access points that are unintentionally connected to the public Internet. This does not appear to have been a preplanned or coordinated attack, and the hackers could not open or close the primary sluice gate because it was still in manual mode. However, with a 20-foot high-water mark and a neighboring middle school, the potential for death or serious injury from even this small dam is significant.

Steel Foundry, Germany

A preplanned cyberattack that caused a significant amount of damage happened a few years ago against a steel foundry in Germany. In this case, the attackers used spear-phishing emails to steal credentials and gain access to the foundry’s business systems. Once inside, the hackers took time to explore the network and found a way to get from the business network to the industrial operations. Demonstrating a sophisticated knowledge of industrial controls and processes, the hackers explored the systems and, whether intentionally or accidentally, caused a series of malfunctions that resulted in more than $1 million in damage to a blast furnace. If the intent was not damage or sabotage to the foundry, what damage could they have caused, perhaps by affecting the quality of steel intended for a bridge or office building?

Electrical Grid, Ukraine

Finally, a sophisticated and methodical attack in December 2015 shut down more than 50 electrical substations in Ukraine, affecting more than 200,000 people who were without power for up to six hours. This attack also started with spear-phishing emails that stole credentials and installed malware, months or even years before the outage. Using their access, the hackers explored the systems, quietly getting closer to the control systems. In addition to turning off the power, this group also made it difficult to restore power, modifying firmware, corrupting master boot records, and even running a denial-of-service attack against the call center. In this case, the business and operations systems were segregated, but VPN access into the SCADA network was still allowed. The power was out for only six hours, but months later the affected substations have still not recovered full functionality of the corrupted systems, and most of them remain on manual control.

What Will It Take For Us To Secure Our Infrastructure?

Which security incident in the future will become as infamous as the Bangladesh factory collapse that killed more than 300 workers, the Triangle Shirtwaist factory fire where 146 perished, or the non-fatal but embarrassing collapse of the Tacoma Narrows Bridge? Critical infrastructure security is finally getting the attention it deserves; let’s hope that it is enough to prevent a major disaster.

Scott Montgomery is vice president and chief technology officer for the Americas and public sector at Intel Security. He runs worldwide government certification efforts and works with industry and government thought leaders and worldwide public sector customers to ensure that ...