SANS: ‘We Can Do This’

Wednesday, March 21, 2018 @ 03:03 PM gHale

By Gregory Hale
It is very easy to become overwhelmed defending an industrial network. After all, the hours are long, people are in short supply and the end result of an attack could be catastrophic.

It seems all doom and gloom. Wrong, say Robert Lee and Tim Conway.


“We can do this. We can fix it,” said Lee, founder and chief executive of industrial security provider Dragos, during his opening session at the SANS ICS Security Summit and Training in Orlando, FL, Monday. “You get to decide what the adversary has to do with all the things you add in. The only thing you don’t get to do is choose if you will be the target. This is the area that scares everybody. We can be the change agent that doesn’t get scared.”

Lee and Conway, technical director of ICS and SCADA at the SANS Institute, gave an opening talk tracing the history of attacks from the 1970s up to today. Needless to say, attacks today are more rampant, sophisticated and aggressive.

Attacks like those against the Ukraine power grid in 2015 and 2016 affected thousands of citizens who lost power for hours.

On top of that, the most recently discovered attack, going under the names Triton, Trisis or HatMan, hit a Middle East critical infrastructure organization, where it got into a safety system and the safety system shut down the facility. It has security professionals, along with executives in the industry, thinking more about how vulnerable systems truly are.

“If you are in this community, Trisis should upset you,” Lee said. “This was meant to hurt people.”

With safety systems traditionally placed on a network and then left to run for the next 15 to 20 years with various levels of testing and maintenance going on, the Trisis attack was a glaring case of how cyber attacks have changed the landscape.

“Cyber should now be a part of the safety system,” Conway said.

In addition to the safety system incident, the Ukraine power grid attacks posed other issues.

“Ukraine attacks should upset everybody,” Conway said. “It was an attack against people. If that doesn’t concern you, it should. The worst thing that could happen is the attacks could modify the logic and reconfigure the safety system.”

One of the key objectives in dealing with any kind of attack is to understand who is going after what and why.

While people can talk about malware and ransomware and any other types of attacks, Lee said that is not the problem.

“The humans on the other side of the keyboard is your threat.”

There are active attacks targeting the grid, Lee said.

“Threats are becoming more aggressive and more sophisticated than we have ever had before,” Lee said.

Again, the idea that threats are coming at a faster and more furious pace should not frighten security professionals.

Successful security is much like a baseball umpire: if they are doing their job correctly, you don’t even know they are there.

“We have a lot more to do,” Lee said. “We hear about the attacks and successful events, but we don’t hear about the successes like we kept the system up today.”


