Introduction to the concept of Hybrid Threats

 

Georgios Giannopoulos (Scientific Officer, European Commission, DG Joint Research Centre) will be speaking at the EE-ISAC Expert Seminar on 7 September. He will provide us with an introduction to the concept of Hybrid Threats.

Hybrid Threats

Hybrid Threats can be defined as a mixture of coercive and subversive activities, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare. Hybrid Threats are also a hot issue within the EU, and critical infrastructures (including energy) have a central role in this field.

Framework for Industrial and Automation Control Systems

Furthermore, the work that the DG Joint Research Centre (JRC) is conducting towards a certification framework for Industrial and Automation Control Systems will be presented. This work is part of the support that the JRC provides to the Directorate-General for Communications Networks, Content and Technology (DG CONNECT), and it is particularly relevant to the recently adopted NIS Directive. Finally, an update on the Incident and Threat Information Sharing EU Centre (ITIS-EUC) will be provided.

TNCEIP

The EE-ISAC Expert Meeting is organized in collaboration with the Thematic Network on Critical Energy Infrastructure Protection (TNCEIP). TNCEIP is an initiative by DG ENER and supported by DG JRC. The aim of this network is to connect electricity, oil and gas operators and also transmission & distribution companies to

EE-ISAC and TNCEIP are welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar.

 

Please note: registration is open to utilities only. 

 

Accomplishing a mature cyber security culture: how to empower employees as your First Line of Defense?

 

Like any other grid operator, EDP Distribuição has the responsibility to protect its critical energy infrastructure. What can we learn from their strong focus on cultural change?

EDP strongly believes that it can only be successful if it fosters and elevates both cyber security and data protection from a merely technical challenge to an overall organization objective, achieved through a deep cultural change and a general understanding of what is at stake.

 

Top-down commitment & common values

To accomplish such a mature cyber security culture, EDP aims to ensure a top-down commitment and establish common values and behaviors by continuously improving security awareness and training.

Therefore, EDP has established a Cyber Security cultural shifting program assuring that its employees are the first line of defense against cyber threats. The program encompasses different training and/or awareness initiatives considering the specificities of the various target audiences.

 

Presentation at EE-ISAC Expert Meeting (7 September, Athens)

Aurélio Blanquet (Director of Automation and Telecommunications) & Nuno Medeiros (Head of OT Cyber Security) will share their vision and explain how EDP:

  • is empowering its employees as the First Line of Defense
  • is using their Training and Awareness Program on Cyber Security of Critical Information Infrastructure (CII)
  • is enhancing its cyber resilience with the Cyber Range Platform

On behalf of all EE-ISAC Members, EDP Distribuição is welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar, including the session in collaboration with TNCEIP and the afternoon session with a country focus on Greece.

 


 

 

The missing link in protecting critical facilities

 

How does one tell if unusual traffic on the network originated from a malicious insider, malware or some rogue device attached to the network?

And can you tell whether a legitimate maintenance worker entering and exiting a facility only performed the task he was supposed to do and not something “extra” because he has been bribed, threatened or simply made a mistake?

Kayato Sekiya, Principal Researcher at NEC, argues that answering the above types of questions is difficult since two critical properties are missing from most security systems:

  1. Integration of cyber security and physical security
    Conventionally, IT cyber security, control system cyber security and physical security have been monitored by separate departments using independent systems, which has resulted in a lack of situational awareness and of strict policy enforcement.

  2. Segregation in monitoring of automated processes and human-intervened tasks
    Automated processes and human-intervened tasks intrinsically have very distinct security requirements. Automated processes, even if suspicious, should never be blocked. However, each human-intervened task should be authorized before execution, and any suspicious activities in general should be escalated to a higher authority and blocked until explicit security clearance is given.

 

The approach of Automated Processes Monitoring & Human-Intervened Task Monitoring

At the EE-ISAC Expert Seminar in Athens, Mr Sekiya will be discussing the above and explaining how to deal with these challenges following the approach of

  • Automated Processes Monitoring: Automated learning of a “benign process” model and detection of “malicious processes” through network / application anomaly detection.
  • Human-Intervened Task Monitoring: Continuous monitoring, recording and restriction of workers’ behaviors across physical and cyber space based on identity and authorization.

For human-intervened task monitoring, a case study will be discussed in which security administrators were able to view and control a worker’s activities across physical and cyber space. Workers were then required to follow a specific sequence of activities that is defined by the work order.
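The split described above can be sketched as two decision functions, one per monitoring mode. This is an added example, not NEC's system or code from the presentation: the flow tuples, device names, work-order steps and decision labels are all hypothetical, and the "benign model" is reduced to a fixed set of known flows.

```python
from dataclasses import dataclass

# Constructed "benign process" model: (source, destination, protocol) flows
# seen during a learning period. Hypothetical names throughout.
BENIGN_FLOWS = {("plc-7", "hmi-2", "modbus"), ("hmi-2", "historian", "opc-ua")}

@dataclass
class WorkOrder:
    worker: str
    steps: list          # ordered (domain, action) pairs, physical and cyber
    done: int = 0        # index of the next expected step

def check_automated(flow):
    """Automated process: flag anomalies, but never block."""
    return "allow" if flow in BENIGN_FLOWS else "allow+alert"

def check_human(order, worker, domain, action):
    """Human task: allow only the next step of the worker's own work order."""
    if order is None or order.worker != worker:
        return "block+escalate"          # no authorization for this identity
    if order.done >= len(order.steps) or order.steps[order.done] != (domain, action):
        return "block+escalate"          # out of sequence or "extra" activity
    order.done += 1
    return "allow"

def replay(order, events):
    """Run constructed events through both monitors; return the decisions."""
    out = []
    for ev in events:
        if ev["kind"] == "automated":
            out.append(check_automated(ev["flow"]))
        else:
            out.append(check_human(order, ev["worker"], ev["domain"], ev["action"]))
    return out

ORDER = WorkOrder("tech-41", [("physical", "enter:substation-A"), ("cyber", "login:rtu-3"),
                              ("cyber", "firmware-check:rtu-3"),
                              ("physical", "exit:substation-A")])
EVENTS = [  # constructed sample, not real log data
    {"kind": "human", "worker": "tech-41", "domain": "physical", "action": "enter:substation-A"},
    {"kind": "automated", "flow": ("plc-7", "hmi-2", "modbus")},
    {"kind": "automated", "flow": ("rtu-3", "203.0.113.9", "ssh")},
    {"kind": "human", "worker": "tech-41", "domain": "cyber", "action": "login:rtu-3"},
    {"kind": "human", "worker": "tech-41", "domain": "cyber", "action": "config-write:rtu-3"},
    {"kind": "human", "worker": "tech-41", "domain": "cyber", "action": "firmware-check:rtu-3"},
]

if __name__ == "__main__":
    print(replay(ORDER, EVENTS))
```

The unknown automated flow is alerted on but still allowed, while the configuration write that is not in the work order is blocked and escalated without consuming a step, so the worker can continue with the authorized sequence.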

 

EE-ISAC Expert Seminar on 7 September (Athens)

Mr Sekiya is presenting during the EE-ISAC Expert Meeting. On behalf of all EE-ISAC Members, ENISA is welcoming European utilities in Athens to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape.

Click here for more information about the seminar, including the full-day, free-to-attend programme.

 


Seminar: Trusted cyber security information sharing within the European energy landscape

 

As EE-ISAC's main purpose is to improve the cyber resilience of the European energy grid, we will be organizing a free-to-attend seminar on the 7th of September focusing on trusted cyber security information sharing within the European energy landscape.

 

Full-day cyber security programme

In collaboration with the TNCEIP, EE-ISAC will welcome cyber security experts from European DSOs and TSOs to promote, help organize and, foremost, execute actual cyber security information sharing.

EE-ISAC member ENISA, the European Union Agency for Network and Information Security, will be hosting the seminar in Athens, Greece. ENISA is working on a soon to be published, full-day programme including:

  • Morning session with a special focus on the connection between TSOs and DSOs, including presentations from both the TNCEIP (Thematic Network on Critical Energy Infrastructure Protection, allowing operators to exchange information on threat assessment, risk management, cyber security, and other related topics) and EE-ISAC
  • Two afternoon sessions, one of them titled ‘The European threat landscape’ and the second having a special country focus on Greece
  • Networking event

Registration for the seminar will be open for utilities only. For more information, please contact info@ee-isac.eu.

On behalf of all EE-ISAC members, we look forward to welcoming you in Athens on the 7th of September!

 


 

 

 

 

PoC: Ransomware attacks targeting SCADA devices

 

As part of the information sharing during our Member Meeting in May, Applied Risk briefed its fellow EE-ISAC members about a PoC they undertook, which determined that target field devices could be compromised and turned to a black-box development environment to develop and spread ransomware. They shared the implications of this vulnerability and practical countermeasures to mitigate the risk.

The information sharing resulted in a new EE-ISAC initiative: Applied Risk and Security Matters will jointly prepare a white paper to address emerging cyber threats targeting the power sector in particular.

Mission-critical control systems that don’t pose an obvious risk can be hijacked and leveraged for attacks

Cybercriminals have been increasingly relying on ransomware to make a profit by taking hostage personal and business files. Experts have also started issuing warnings regarding the possibility of ransomware attacks targeting industrial systems. Proof-of-concept (PoC) ransomware designed to target industrial control systems (ICS) was described recently by security firm CRITIFENCE and researchers at the Georgia Institute of Technology.

These attacks focused on programmable logic controllers (PLCs), which are often critical for operations and can represent a tempting and easy target for malicious actors. However, Alexandru Ariciu, an ICS security consultant at Applied Risk, disclosed another potential target on Thursday at SecurityWeek’s 2017 Singapore ICS Cyber Security Conference.

PoC: ransomware attacks targeting SCADA devices

Ariciu showed that ransomware attacks, which he has dubbed “Scythe,” can also target SCADA devices that are inconspicuous and which may be considered less risky. Applied Risk undertook a PoC, which determined that target field devices can be compromised and turned to a black-box development environment to develop and spread ransomware:

  1. Find target field device
  2. Infect the target device and load the ransomware
  3. Send the Ransomware Note
  4. Collect the Ransom

If you are interested in hearing more, contact Jalal Bouhdada or read more:

http://www.securityweek.com/new-scada-flaws-allow-ransomware-other-attacks

https://applied-risk.com/blog/ransomware-are-industrial-environments-leaving-pandoras-box-wide-open

 

 

 
