Blake Sobczak of E&E News publishes an excellent weekly newsletter on current cyber developments in energy, which I recommend you all sign up for. The newsletter is free to anyone, and you can sign up for it here.
The feature article in this week’s newsletter, which you can find here, makes a very good point: Whenever there’s a power outage of any magnitude, the utility (or governmental entity) in question will almost immediately reassure everyone that this wasn’t a cyberattack. But how could they possibly know that so quickly? Especially since attackers are getting better all the time at hiding their tracks.
And speaking of hiding their tracks, I also highly recommend you read the Wired magazine article linked just below Blake’s story. It’s about the Olympic Destroyer malware, which came very close to fulfilling its billing: destroying the 2018 Winter Olympics in South Korea.
I found it to be a really terrific story for three reasons: First, the attack was fiendishly well-designed, and the attackers made it almost completely impossible to trace where they came from. Second, it’s a great whodunit, describing how the author finally nailed down the nation-state that was responsible for the attack (and it’s probably not the one that would first come to mind for an attack on South Korea).
And third, given the nature and ferocity of the attack – which occurred literally at the beginning of the opening ceremony – the fact that it ended up having only minimal impact on the ceremony or the Games was due to excellent preparation beforehand by the team running the technology effort, and even more importantly to an amazing response to an attack that crippled all nine of the Games’ domain controllers. Because they were all fatally compromised, the team had to rebuild them all from scratch, and disconnect the entire Games from the internet while they did so. Yet they did that by the next morning, and very few attendees or staff even knew how close the Games came to being cancelled outright.
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.