MAR-APR 2017

Issue link:

Contents of this Issue


Page 36 of 53

INTECH MARCH/APRIL 2017 37 SPECIAL SECTION: CYBERSECURITY vented the specific attack kinematics. The fact that setting the SL-T at level 2 would have been enough to detect and prevent the attack with several lay - ers of defense may sound surprising to the reader, as this was (quite certainly) a state-sponsored cyberattack, which normally calls for SL-T=3 or even 4 to prevent. Actually, it is likely that the hacker could have matched SL-A=2 by devel- oping more advanced exploits and us- ing attack vectors other than the Inter- net, such as mobile media or mobile equipment introduced by rogue em- ployees or third parties. Nevertheless, those additional steps are more com- plex and expensive, and, because they were not needed, less advanced means were used. To summarize the takeaways of this cy- berattack using IEC 62443-3-3 guidance: As a mandatory first step, power dis- tribution utilities should aim for SL-T=2, VERBATIM ® GATEWAY Complete PLC alarm notification and interfacing capabilities CATALYST ® All-in-one data logging and remote monitoring solution FOR LOW-COST, HIGH-PERFORMANCE REMOTE MONITORING, RELY ON RACO Supports EtherNet / IP ™ & Modbus ® TCP protocols! To find out which product is right for you, visit RESOURCES Analysis of the Cyberattack on the Ukrainian Power Grid Ukraine_DUC_5.pdf "Utilities look back to the future" Previous ISA-France analysis ISA-flash/ISA_Flash_60.pdf BlackEnergy and Quedagh 1030745/blackenergy_whitepaper.pdf "Hackers attacked the U.S. energy grid 79 times this year" ogy/security/energy-grid-hack Cybersécurité des installations industrielles industrielles-Fourastier-Cambacedes/ dp/2364931681 "Basecamp for serial converters" basecamp-for-serial-converters ensuring at least minimal requirements about detection (SR 6.2) are met. To have several layers of defense, prevention, detection, and time for reactions in anticipation of the most sophisticated attacks, it is best to aim for SL-T=3. In any case, it is essential to set up security controls in a consistent way to ensure that all FR have achieved the same SL-A before aiming for a higher SL-T. Otherwise the efforts are useless, as demonstrated by the example at hand. n ABOUT THE AUTHORS Patrice Bock (patrice.bock@isa-france. org) of Sentryo is the ISA-France techni- cal leader. Jean-Pierre Hauet (ISA-France president and ISA99 committee voting member), Romain Françoise (Sentryo), and Robert Foley (MatrixGP) also contributed. View the online version at

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - MAR-APR 2017