Water Utility Network Flood Not an Attack

Friday, May 15, 2015 @ 03:05 PM gHale

During a network infrastructure upgrade, a water utility implemented a misconfigured switch, which flooded the network with traffic.

The error led to massive resource consumption on control system endpoints. To the facility, it looked as though the system was suffering from a malware infection, according to a report on the NCCIC/ICS Monitor.

Awareness Awakening: Firms Assume Compromise
Lack of Confidence in Handling a Breach
Internal Security Breaches Biggest Threat
Report: Execs Still Lack Security Understanding

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) analyzed the router and switch configurations and found an error in how the spanning-tree protocol, which prevents network traffic re-broadcasting loops, ended up configured.

The misconfiguration caused too much network traffic to go out to endpoint devices, which overloaded the system processors.

ICS-CERT provided its analysis to the utility, which then made corrections to the configurations to correct the spanning-tree errors. All endpoints are now operating correctly and everything is running smoothly.

ICS-CERT has the following recommendations to consider when upgrading infrastructure:
• Engage with the integrators of new systems to ensure compatibility and proper configuration with current systems
• If available, test new configurations in a lab environment to determine what consequences may arise from configuration changes
• Ensure that the integrator is on site when the new configurations turn on and provide IT staff information and guidance for trouble-shooting any issues once the integrator has left

Leave a Reply

You must be logged in to post a comment.