Posts Tagged ‘Critical Infrastructure Protection’

The Middle East Joins the SCADA / ICS Standards Foray

April 15, 2012

The oil-rich countries in the Middle East depend on Industrial Control Systems (ICS) to run the energy sector, which on average generates around 70-90% of national GDP and ultimately provides around 40% of the world’s total energy consumption.

Since the STUXNET news surfaced 18 months ago, the region has seen no fewer than 20 different information and cyber security conferences that addressed the topic and highlighted ICS security as a monumental risk to the GCC region in particular.

The Kaspersky chart below shows STUXNET infection rates in the GCC countries (UAE, Saudi Arabia, Kuwait, Bahrain, Qatar and Oman).

STUXNET in Middle East

Recently the state of Qatar, through its national CERT, issued the region’s first national-level ICS security guidelines in Arabic, together with an English translation. Currently the document, “planned to be updated annually”, is not mandatory, but its roadmap is likely to change that in the next few years.

You can download a copy of the English translation here (Download)

Press Coverage – Here

Stuxnet: Introduction, Installation and Infection Video

February 23, 2011

This demonstration video takes a detailed look at the Stuxnet worm on a Siemens PCS7 FieldPG host. The demo provides a brief overview of the worm, then shows how it exploits Windows vulnerabilities to install itself on the target host, infect various Windows and Siemens components, and then replicate itself for installation on other hosts.

Additional information available at

Oil and Gas Targeted Attacks Hit Exxon and Conocophillips

January 26, 2010

A recent article in csmonitor revealed some details about targeted attacks that took place back in 2008. The article mentioned that at least three US oil companies were under targeted attacks originating from … yes, you guessed right, China (“who else, and why this news now!”).

The breaches were reportedly focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide.

“The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show.

The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says.”

End quote.

My comments:

This is pretty normal in a world that is literally fighting for fuel and energy. China has been heavily investing in the oil-rich district of Darfur, Sudan, to the dismay of other influential players, and that triggered a lot of violence. In 2009 China built 4 glorious football stadiums for Angola (“Africa’s top oil exporter, providing 7% of total US oil imports”) as a token of friendship! The same can be said about Halliburton and their exploitation of Iraqi oil.

It’s also evident that the next major conflict (fight for oil included) will be settled in cyberspace, or at least start there (Israel’s E-tack on Syria), and it’s up to each and every government/company to be prepared or be pwned.

Now is the best time to mark your territory in cyberspace; as an early bird, “and for a limited time only”, you are allowed to hit below the belt and maximize the damage… simply because there are no belts, yet.

With international consensus on this subject missing, anything and everything is permitted until further notice. Even the US and Google can’t do anything about it except denounce it and threaten to pull out of the world’s biggest Internet market (US can only denounce China attacks).

The bottom line is that, like everything else, information gathering is taking another means/conduit, and that is the Internet. Nowadays a country’s biggest asset might be a 15-year-old who can infiltrate a radar system from his PlayStation game console.

How many 15-year-olds have you got?

Are Critical Infrastructure Cyber Attacks Really on the Rise?

December 24, 2009

Recently many have argued about whether cyber-attacks against critical infrastructures are real and dramatically on the rise, as the media would like us to think (the recent Brazil power outage made headlines around the world).

Others confidently backed this downplaying of cyber-attacks with their statistical reading of a recent report by the Repository of Industrial Security Incidents (RISI). RISI, which has kept track of “reported/verified” security incidents in the USA since 1982, recently stated that the incident count reached 164 in 2009. That’s basically an average of 6 incidents per year.

And then they asked a question.

If the US recorded 8 or 9 incidents next year, could we confidently say that the cyber-attack rate is dramatically on the rise, and that we should be really worried?

The answer is simple: I agree that in most countries there isn’t enough data (on a national level) at hand to confidently confirm or deny anything.

However, I personally believe that the rate of cyber-attacks against critical infrastructures “worldwide” is definitely rising, simply because of the improved means and motives (it’s easier and more rewarding today than 5 years ago).

I feel that when we talk about critical infrastructure we often overlook that our world is now more interlinked and interdependent than it ever was. So even in the imaginary case of zero incidents taking place in the USA, as an example, this doesn’t mean that everything is OK and that the ultimate goal of Critical Infrastructure Protection is served. Right now I can name a company in North Africa that’s providing Paris with 30% of its total daily natural gas consumption, and another company in the Persian Gulf that’s providing the UK with +20% of its daily natural gas needs (not to mention Aramco’s crude oil exports to the US and Japan).

Who can argue that a cyber-attack on any of the examples above is less important, and ultimately less effective, than an attack on a French or UK-based plant?

I believe that when thinking about critical infrastructures and judging whether attack rates are on the rise or declining, it’s only wise to aggregate global statistics to get the true picture of the threat on the ground, because in many ways this ecosystem works similarly to the modern financial world. Focusing only on local statistics will often give a false sense of security.

As an example, in the last Brazilian blackout everyone seemed to neglect the fact that while two major Brazilian cities suffered, the entire country of Paraguay plunged into darkness. Does Paraguay’s clean sheet of cyber-attacks mean anything here?

I can also see this occurring in the entwined electrical grids of many EU countries and between several former Soviet Union countries.

Another example that comes to my mind is from the communication sector: back in 2007, on two separate occasions (one of them a few days before the 2007 Gaza Strip war), there was a major Internet blackout across the Middle East after the region’s 3 main submarine Internet fiber cables were targeted (although several hundred miles apart). This incident didn’t only affect the region but had a cascading effect that reached the shores of India, costing the country’s IT outsourcing economy millions of dollars in lost bandwidth. Was there an attack on Indian critical infrastructure? No. Did India suffer? Yes.

This is a global threat/issue and should always be treated as such. Localized statistics, while important, are only part of the big picture.

Sub Marine Internet Cables

The Empire Strikes Back – More on Brazil Blackouts

November 11, 2009

2005, 2007 and now you can add November 2009.

Yesterday, Tuesday night, the Itaipu dam, an important hydroelectric dam shared by Brazil and Paraguay, failed, pushing a large swath of central and southern Brazil into darkness, said the country’s minister of mines and energy, Edison Lobao. Source: CNN.

A recent comment by bernardo from Brazil (Here) on my previous post implies that this was a coordinated attack that took place at exactly 22:00, when Die Hard 4.0 was about to begin on FX Cine Latin America!

Die Hard 4.0 Schedule

The official response so far was: “the exact cause was not yet known but atmospheric problems, an intense storm, may have contributed to or caused the transmission lines to Itaipu to shut down,” said the country’s minister of mines and energy, Edison Lobao, to Reuters.

While the real cause of the problem remains unclear, it appears that hackers are not fond of the Itaipu dam’s IT infrastructure. One thing is certain: the Itaipu servers have been “visited” before.

itaipu servers hacking incidents in 2000 and 2001

Incident Record Source: Zone-h

Russian Hackers Attack an Azerbaijani Energy Pipeline

August 26, 2009

Aviation Week reported that Russian hackers attacked servers controlling an energy pipeline carrying gas from Azerbaijan to Europe, bypassing Russia. The attacks caused a suspension of pipeline operations, forcing the operating company to redirect the oil through the Russian Baku-Novorossiysk pipeline. Georgian websites claim that the attacks came from the same IPs as the DDoS against Estonian websites during the 2007 Estonian cyber attacks.

The news is still to be confirmed.

But one question remains: if the reports are correct, why is such a system accessible from the Internet in the first place?

More on the story:

Smart Grid Initiatives and Government Intervention Worldwide

August 11, 2009

I’m trying to link Smart Grid initiatives, “large and small”, worldwide with global trends of government intervention, mandated compliance, and regulatory frameworks within the concept of “Critical Infrastructure Protection” (CIP). In other words, is the world in general leaning towards mandated compliance, or are we still seeing a fight back in favor of industry self-compliance?

I began by looking at the Smart Meter Projects Map (created by the Energy Retail Association, UK). I noticed the following:

Smart Meter Projects World Wide

– About 32 countries in total announced smart metering projects as of 2009 (see map); 24 of them (75% of the total) reportedly have or are working on CIP programs, with different maturity levels.

– I evaluated what’s publicly available on the CIP programs within those 24 countries against the “International CIIP Handbook”, and mapped the CIP programs on a scale of more or less government intervention.

Government CIP Involvement

– It’s clear that we are going towards state-mandated compliance, with the majority starting off from column D, “Government is a consultant”, and moving towards column B, “Government clearly mandates clear and precise CIP standards”. The exception is the United States, which starts from column E, “Industry self regulation”.
– Although it enjoys the strongest momentum, the US might not be the perfect model for the rest of the world; the US road map is certainly different.
– This blog’s visitors map (see top right) shows exactly the same 24 countries.

Note: The “Gov/CIP involvement” diagram is based on the article “Models of CIIP” by Dan Assaf, published in Elsevier’s “International Journal of Critical Infrastructure Protection”, Volume 1, 2008.