Archive for December, 2009

Are Critical Infrastructure Cyber Attacks Really on the Rise?

December 24, 2009

Recently, many have argued over whether cyber-attacks against critical infrastructures are real and dramatically on the rise, as the media would like us to think. (The recent power outage in Brazil made headlines around the world.)

Others confidently backed this downplaying of cyber-attacks with their statistical reading of a recent report by the Repository of Industrial Security Incidents (RISI). RISI, which has kept track of “reported/verified” security incidents in the USA since 1982, recently stated that the incident count reached 164 in 2009. That’s basically an average of 6 incidents per year.

And then they asked a question.

If the US records 8 or 9 incidents next year, can we confidently say that the cyber-attack rate is dramatically on the rise, and that we should be really worried?

The answer is simple: I agree that in most countries there isn’t enough data (on a national level) at hand to confidently confirm or deny anything.

That said, I personally believe that the rate of cyber-attacks against critical infrastructures worldwide is definitely rising, simply because of the improved means and motives. (It’s easier and more rewarding today than 5 years ago.)

I feel that when we talk about critical infrastructure we often overlook that our world is now more interlinked and interdependent than it ever was. So even in the imaginary case of zero incidents taking place in the USA, as an example, this doesn’t mean that everything is OK and that the ultimate goal of Critical Infrastructure Protection is served. Right now I can name a company in North Africa that’s providing Paris with 30% of its total daily natural gas consumption, and another company in the Persian Gulf that’s providing the UK with more than 20% of its daily natural gas needs. (Not to mention Aramco’s crude oil exports to the US and Japan.)

Who can argue that a cyber-attack on any of the examples above is less important and ultimately less effective compared to an attack on a French or UK-based plant?

I believe that when thinking about critical infrastructures and judging whether attack rates are on the rise or declining, it’s only wise to aggregate global statistics to get the true picture of the threat on the ground, because in many ways this ecosystem works similarly to the modern financial world. Focusing only on local statistics will often give a false feeling of security.

As an example, in the last Brazilian blackout everyone seemed to neglect the fact that while two major Brazilian cities suffered, the entire country of Paraguay was plunged into darkness. Does Paraguay’s clean sheet on cyber-attacks mean anything here?

I can also see this occurring in the entwined electrical grid of many EU countries and between several former Soviet Union countries.

Another example that comes to my mind is from the communications sector. Back in 2007, on two separate occasions (one of them a few days before the 2007 Gaza Strip war), there was a major Internet blackout across the Middle East after the region’s 3 main submarine Internet fiber cables were targeted (although they are several hundred miles apart). This incident didn’t only affect the region; it had a cascading effect that reached up to the shores of India, costing the country’s IT outsourcing economy millions of dollars in lost bandwidth. Was there an attack on Indian critical infrastructure? No. Did India suffer? Yes.

This is a global threat/issue and should always be treated as such. Localized statistics, while important, are only part of the big picture.

Submarine Internet Cables


The UN is offering SCADA security training

December 15, 2009

SCADA security and CIP have been recognized by the UN as areas that pose a significant threat to the international scene, and the UN has included both topics in its upcoming Cyber Crime training programs.

The UN courses have two difficulty levels:

- Basic: 1400 Euro
- Intermediate: 2500 Euro

– Snippets from the UN website –

The Basic-level SCADA & NCI Security course is 3 days long and is meant to provide a non-technical audience with an overview of the current state of SCADA and NCI architectures, and will include the following:

Introduction and examples of SCADA & NCIs,
Examples of real past incidents involving SCADA security failures,
Existing standards and best practices,
The difference between traditional IT security and SCADA/PCS security,
A special guest: an inside view from a SCADA vendor.

The 5-day Intermediate course is addressed to a technical audience and will include:

A special guest, highlighting the question of Open-source vs. SCADA,
Many live lab sessions showcasing both offensive and defensive techniques within a networked SCADA environment,
Historical and recent security incidents,
A special guest, discussing the task of hardening a SCADA infrastructure,
Discussion on performing penetration tests against NCIs.

More can be found at: UN SCADA Cyber Training