DHS gives more details, including unclassified info, about electrical grid attacks by Russian agents

Brilliance Security Magazine & Search Security, June 26, 2018, with comments by Ray DeMeo;

This week’s announcement of attacks marks yet another round of break-ins into US utilities and electrical grids by Russian hackers. Viewed with increasing alarm, the Department of Homeland Security is offering utility providers an awareness briefing on Russian activity against critical infrastructure.  More information and dates for this briefing are coming early next week.

Some have wrongly taken a sense of security in the “air gapped” condition of ICS systems. But this is a false sense of security for numerous reasons.

Ray DeMeo, COO and co-founder of Virsec, noted that "relying on air-gapping for security is a dangerous anachronism."

As Ray explained to Search Security, "Air gaps are easily being bridged by social engineering, password theft, or, in the case of Stuxnet, a few rogue USBs. With the increasing convergence of IT and OT systems, the control systems that manage critical infrastructure are increasingly networked and connected,"

DeMeo wrote via email. "Plus, conventional security tools that rely on signatures must be connected in order to get the latest updates. Almost all of the recent attacks, successful attacks on power plants and other critical infrastructure have bypassed air gaps."

Ray DeMeo, Co-Founder and COO, Virsec, also commented to Brilliance Security Magazine:

“The threat of disruption to our critical infrastructure is very real, as recent attacks in the Middle East and Ukraine have shown. The outcomes may depend on the motivations of the hackers, but recent attacks have included ransoming critical data, service disruptions, or serious damage to control systems and physical equipment. The government is raising awareness, but responses need to be more aggressive and coordinated. The needs to shift from chasing endless elusive external threats, to directly protecting systems from attack in real-time.”

He also added, “Defense strategies need to pivot away from a sole focus on conventional perimeter defenses – the latest attacks have easily bypassed the perimeter. It’s crucial to detect and stop attacks in progress. Vendors need to do more to bridge a wide gap in technology and understanding between IT and OT (operational technology). We are far too dependent on air-gapping as our primary defense, despite the fact that systems are increasingly connected.”

Read full articles:

DHS details electrical grid attacks by Russian agents

Is Russia Planning an Attack Against U.S. Utilities?