(CS)2AI ONLINE - Mission Kill: Process Targeting in ICS Attacks, with Joe Slowik

Miami Cyber Security for Control Systems

Online event


Kicking off our 2021 (CS)2AI ONLINE event series with a bang, Joe Slowik of Domain Research is serving up a triple set of case studies illustrating the evolution and increasing danger of control system attack methods.

Register now to reserve a seat and join the discussion! https://attendee.gotowebinar.com/register/4484785195838524944?source=011421MeetupEvents

Typical conceptions of ICS targeting focus on direct disruption of organizations through a single, specific action resulting in total operational loss: opening breakers to interrupt electricity flow, or tripping a safety system to shut down a plant. Yet further analysis of ICS events over time indicates adversaries are pursuing far more interesting - and ambitious - attack patterns in industrial environments.

After the 2015 Ukraine power event, ICS-focused attacks began to shift from direct disruption to changing, modifying, or otherwise undermining fundamental ICS processes to stage more serious attacks, or to identifying specific process “pain points” with outsized value to victim environments. Previously theoretical, developments from 2016 Ukraine to the present show clear evidence that adversaries are learning about process and operational dependencies and leveraging them to achieve maximum industrial impact.

We’ll examine 3 case studies: 2016 Ukraine, 2017 TRISIS, and (although not cyber, relevant for targeting purposes) the 2019 attack on the Abqaiq oil processing facility. In each, attackers identified operational “pain points” for targeting (protective relays, safety instrumented systems, hydrodesulfurization facilities) to create cascading or outsized impacts from specific device compromise (or destruction). Such operations show clear effort by attackers to learn about industrial processes to identify “weak points” for attack, with resulting capability of producing potentially disastrous results.

Given these developments, ICS security operations move beyond IT-centric defense (albeit on legacy or limited equipment) into the more interesting realm of fusing IT visibility with industrial process awareness. Understanding process environments and identifying critical path nodes for a defended facility is vital to ensure appropriate defense. By understanding how attackers have evolved, ICS and critical infrastructure defenders can ensure better resource allocation and positioning to counter future ICS attacks.

Registration for this event is necessary at: https://attendee.gotowebinar.com/register/4484785195838524944?source=011421MeetupEvents
