Saturday, October 19, 2019

A couple of great articles
Blake Sobczak of E&E News publishes an excellent weekly newsletter on current cyber developments in energy, which I recommend you all sign up for. The newsletter is free to anyone, and you can sign up for it here.

The feature article in this week’s newsletter, which you can find here, makes a very good point: Whenever there’s a power outage of any magnitude, the utility (or governmental entity) in question will almost immediately reassure everyone that this wasn’t a cyberattack. But how could they possibly know that so quickly, especially since attackers are getting better all the time at hiding their tracks?

And speaking of hiding their tracks, I also highly recommend you read the Wired magazine article linked just below Blake’s story. It’s about the Olympic Destroyer malware, which came very close to fulfilling its billing: destroying the 2018 Winter Olympics in South Korea.

I found it to be a really terrific story for three reasons: First, the attack was fiendishly well-designed, and the attackers made it almost completely impossible to trace where they came from. Second, it’s a great whodunit, describing how the author finally nailed down the nation-state that was responsible for the attack (and it’s probably not the one that would first come to mind for an attack on South Korea).

And third, given the nature and ferocity of the attack – which occurred literally at the beginning of the opening ceremony – the fact that it ended up having only minimal impact on the ceremony or the Games was due to excellent preparation beforehand by the team running the technology effort, and even more importantly to an amazing response to an attack that crippled all nine of the Games’ domain controllers. Because they were all fatally compromised, the team had to rebuild them all from scratch, and disconnect the entire Games from the internet while they did so. Yet they did that by the next morning, and very few attendees or staff even knew how close the Games came to being cancelled outright.


Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.