Water utility suffers cyber incident
A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.
By Gregory Hale; Source: ISS Source
A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.
Offsite and onsite analyses revealed the cause of the incident was general crimeware and was not a targeted attack, ICS-CERT said. The utility’s control systems did not suffer any repercussions as a result of the incident. ICS-CERT did not name the utility.
As a result of the event, ICS-CERT coordinated with the FBI, state, and local law enforcement during and after the incident.
While onsite, ICS-CERT reviewed network topologies and control systems architecture and evaluated the water utility’s current security and detection measures.
They also provided mitigations and made recommendations for strengthening the existing cyber security and incident detection mechanisms. The water utility has since sanitized its systems and implemented stronger and tighter security practices.
Some of the general lessons learned include:
- Secure remote access with VPNs or two-factor authentication. For more information about configuring and managing remote access, review Configuring and Managing Remote Access for industrial Control Systems.
- Prepare for incidents with a formalized incident response plan. Enable logging and leverage the static nature of a control system to look for anomalies. Retain logs for a sufficient amount of time.
- Understand how to preserve forensic data for analysis and reporting when an incident occurs. Capture forensic images of the system memory and hard drive prior to powering down the system. Also, avoid running antivirus software “after the fact” as the AV scan changes critical file dates and impedes discovery and analysis of suspected malicious files and timelines.
Understand, even with the best cyber defense mechanisms in place, incidents will likely occur.
- Related News:
Power firm gets NERC-CIP boost - 26.04.2011 19:53- Blowout preventer not tested to shear pipe - 26.04.2011 09:05
- Fraud foray fools phishing filter - 26.04.2011 09:04
- Even firewalls have holes - 26.04.2011 09:03
- Oak Ridge hit by cyber attack - 26.04.2011 09:01
- FPL wind turbine hack a hoax - 26.04.2011 09:00
Case Study Database
Get more exposure for your case study by uploading it to the Consulting-Specifying Engineer case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
