Thursday, January 9, 2014

SANS gets Cyber-Physical with ICS Breach Response Guide

With apologies to Olivia Newton-John, you may or may not be aware that some bad actors have been helping raise awareness about physical threats to electric infrastructure lately. You might say, "Are we sure about this, or were they merely after some copper ... or groundnuts?"

Of course, it always pays to be skeptical, but in the age of video cameras, motion detectors and similar, it's clear that these were humans not after enrichment or nourishment, but rather, intent on destruction.

Mike Assante and Scott Swartz of security training firm SANS just released a how-to manual describing how you can help your utility proceed in the event of an attack.  In particular, they want utilities to be on the lookout for cyber security foul play as they investigate breaches of physical defenses.

Here's the intro for you:
The plans and success of any malicious cyber actor depend heavily on their target’s daily routine and complacency, and human nature’s tendency to not look beyond the obvious. This paper addresses the problem of blended intrusions by suggesting a cybersecurity response to facility break-ins that critical asset security managers can use to determine whether cyber assets might have been targeted during the physical breach. The response includes a systematic and graduated series of actions or checks for evaluating the integrity of cyber-based equipment once you have discovered evidence of a physical breach. Again, these are only suggestions, and any actions should be carefully considered in light of operational reliability, procedures and particular safety policies of the owners and operators.
So there's some human psychology involved in this too. You can (and should) click HERE to read the full paper.
