It's time to cyber-protect Industrial Control Systems

March 25, 2020

Again, another phishing email. This time the attackers went after a natural gas operator in the US. The attack was aimed at the Industrial Control System (ICS), affecting "crucial real-time operational data from control and communication equipment," according to the Department of Homeland Security. The malware invaded the Operation Technology (OT) network through the Information Technology (IT) network. Basically, the software infected the servers that monitor physical tasks. The Department of Homeland Security's advisor made clear that the company did not lose control of its compression equipment at any time. The attackers were never in control of the facility's operations. In short, they only reduced the gas operator’s ability to monitor its physical processes using its control systems.

When facility personnel realized they were under attack, they initiated a "deliberate and controlled shutdown." This affected all the facilities connected to the same pipeline. It took approximately two days to regain control and return to normal operations.

The Department of Homeland Security has produced a list of security flaws at the facility. For instance, the current emergency response plan did not address cyberattacks. So, employees did not know what to do when the attack occurred. The staff made real-time decisions using their own best judgment. They decided to treat the attack as less severe than the ones enumerated in their emergency response plan. Also, employees were not armed with a clear decision-making process for dealing with this type of attack. Finally, the report mentioned that the operator had not implemented cybersecurity measures to prevent malware moving from IT to OT networks. from one to the other.

This is one of the first attacks in the United States aimed directly at industrial control systems. A few months ago, malware called Ekans was discovered which primarily targets ICS. This new software is not only capable of encrypting data but also shuts down ICS processes before locking down the system.

Source: US natural gas operator shuts down for 2 days after being infected by ransomware

MIT Cybersecurity Clinic

The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT.

The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module.

Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.

Social Cyberdefense of Critical Urban Infrastructure

MIT Cybersecurity Clinic

Who We ARe

Resources

About this Blog

Recent Blogs