The person who broke into a Florida water treatment plant and increased the concentration of a chemical likely wasn’t an experienced attacker, argues a senior security researcher with DomainTools.

The attack “was either immature, rushed, or potentially unintentional,” Joe Slowik wrote in an analysis on Thursday. It was just one of several analyses of the scary incident that the City of Oldsmar publicized on Monday.

Slowik came to his conclusion by considering three facts:

- Events took place during normal operational hours where personnel were on-hand and available to quickly respond.
- The intruder did not attempt to hide or mask their activity through interaction with or overwrite of HMI (human-machine interface) systems or spoofing of sensor data.
- The modification to sodium hydroxide levels was so extreme as to almost certainly trigger engineering or other non-ICS (industrial control system) controls or alarms within the environment.

According to statements from the city and news reports, someone accessed the water plant management system through the remote access software TeamViewer and boosted the amount of sodium hydroxide (lye) in the water treatment system.

“Although the incident resulted in neither significant disruption nor outright damage, the simple fact that some unknown entity attempted the above action is deeply concerning, reflecting either callousness given the potential harm, or ignorance as to what the attempted change might have produced in the serviced population,” he added.

News reports say the access password was shared among a number of employees. A plant worker noticed the manipulation of the sodium hydroxide on his screen and when the attacker returned the level to its proper point.

While crafting a conclusion, Slowik looked at four well-known cyberattacks on ICS systems:

The 2009 Stuxnet attack on Iran’s centrifuges at a nuclear enrichment plant. “The critical item enabling Stuxnet’s success was the malware’s ability to induce a general loss or denial of view condition in the victim environment. In this specific case, the malware recorded “normal” plant operations then played these recordings back to monitoring systems during physical attack sequences to mask events from plant operators. Absent this critical step, operators would have been able to detect anomalous operations in the plant environment enabling intervention and process diagnosis.”

The 2015 attack on Ukraine’s power grid which caused a widespread blackout. For that operation to succeed, Slowik said, plant personnel had to be locked out of their workstations to prevent operator intervention during the initial phases of the attack. Then wiper malware removed remote operational control, after which a malicious firmware update to serial-to-ethernet converters made communicating with equipment impossible. Six Russian military intelligence members have been accused of being behind this and other attacks.

The incident again wiped control systems to induce loss of control, Slowik says, although it was also likely aimed at a loss of view condition as well to enable a potentially destructive (if failed) physical damage scenario. “In this particular case, removing operator logical control (to force manual operations) combined with loss of logical view into the health and status of the system was used in sequence to enable a process protection-focused attack scenario. Absent these conditions, it would be highly unlikely for the sequence of events required to restore operations in an unprotected, unsafe state (enabling possible destruction) to materialize.”

The 2017 attack on a petrochemical plant in Saudi Arabia led to multiple unexpected plant shutdowns due to the plant’s safety instrumented systems (SIS) tripping for then-unknown reasons. Using purpose-built malware, the goal was to enable undetected, arbitrary modification of SIS parameters, says Slowik.