InTech

MAR-APR 2017

Issue link: http://intechdigitalxp.isa.org/i/806223


SPECIAL SECTION: CYBERSECURITY

vented the specific attack kinematics.

The fact that setting the SL-T at level 2 would have been enough to detect and prevent the attack with several layers of defense may sound surprising to the reader, as this was (quite certainly) a state-sponsored cyberattack, which normally calls for SL-T=3 or even 4 to prevent. Actually, it is likely that the hacker could have matched SL-A=2 by developing more advanced exploits and using attack vectors other than the Internet, such as mobile media or mobile equipment introduced by rogue employees or third parties. Nevertheless, those additional steps are more complex and expensive, and, because they were not needed, less advanced means were used.

To summarize the takeaways of this cyberattack using IEC 62443-3-3 guidance:

As a mandatory first step, power distribution utilities should aim for SL-T=2, ensuring at least minimal requirements about detection (SR 6.2) are met.

To have several layers of defense, prevention, detection, and time for reactions in anticipation of the most sophisticated attacks, it is best to aim for SL-T=3.

In any case, it is essential to set up security controls in a consistent way to ensure that all FR have achieved the same SL-A before aiming for a higher SL-T. Otherwise the efforts are useless, as demonstrated by the example at hand.

ABOUT THE AUTHORS

Patrice Bock (patrice.bock@isa-france.org) of Sentryo is the ISA-France technical leader. Jean-Pierre Hauet (ISA-France president and ISA99 committee voting member), Romain Françoise (Sentryo), and Robert Foley (MatrixGP) also contributed.

View the online version at www.isa.org/intech/20170406.

RESOURCES

Analysis of the Cyberattack on the Ukrainian Power Grid
https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf

"Utilities look back to the future"
www.eenews.net/stories/1060040590

Previous ISA-France analysis
www.isa-france.org/telechargement/fichiers/ISA-flash/ISA_Flash_60.pdf

BlackEnergy and Quedagh
www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf

"Hackers attacked the U.S. energy grid 79 times this year"
http://money.cnn.com/2014/11/18/technology/security/energy-grid-hack

Cybersécurité des installations industrielles
www.amazon.fr/Cybersecurite-installations-industrielles-Fourastier-Cambacedes/dp/2364931681

"Basecamp for serial converters"
www.digitalbond.com/blog/2015/10/30/basecamp-for-serial-converters
