Monday, 23 May 2016 16:16

Ukraine blackouts should never have happened


The acronym ICS is short for industrial control systems – a pleasant TLA (three-letter acronym) that is the basis of critical infrastructure like water and waste treatment, nuclear and conventional power plants and so much more. ICS is hackable!

iTWire reported on ‘Darkness in the Ukraine’, where 225,000 residents lost power due to what is the first known ICS hack.

Check Point Software, a global software and hardware security provider, has been following the Ukraine debacle and offered comment on the use of NERC-CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) requirements and how these, had they been observed, would likely have protected the Ukraine’s ageing infrastructure.

David De Laine, regional managing director for Australia and New Zealand at Check Point Software, has offered more commentary following the recent Sydney Morning Herald report that power networks need to be on high alert amid cyber threats.

Essentially electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid. Prime Minister Malcolm Turnbull revealed that the Bureau of Meteorology had suffered an "intrusion" last year, while energy networks have been of particular interest to cyber attackers, with at least 60 incidents in 2014-15.

We present De Laine’s sage advice.

The recent government announcement on the national cyber-security strategy highlights just how important it is for all of us to start thinking differently and also brings a very relevant and crucial subject to everyone’s attention – protecting critical infrastructure.

The mission of protecting critical infrastructure (industrial control systems - ICS) is so vital that it cannot be left to just any security solution. Every day we expect water to flow from our taps, our electricity to work, and traffic lights to move traffic along quickly and efficiently. Interruptions in any of these essential systems, even if only for a few hours, wreak havoc.

In a recent blog post, The Next Battleground – Critical Infrastructure, Check Point Software Technologies highlighted that the threat to critical infrastructure could no longer be ignored, especially after the blackout in Ukraine and the manipulation of “Kemuri Water Treatment Company” water flow.

The cyber threat world is big and extensive. To fully understand the scope of threats to nationwide critical infrastructures, the blog highlights a few insights and perspectives based on Check Point’s vast and longstanding experience in the cyber world. Three areas in which Industrial Control Systems (ICS) are vulnerable include:

  • IT network
  • Insider threat (intentional or unintentional)
  • Equipment and software

Attacking through the IT network

ICS usually operates on a separate network, called OT (Operational Technology). OT networks normally require a connection to the organisation’s corporate network (IT) for operation and management. Attackers gain access to ICS networks by first infiltrating the organisation’s IT systems (as seen in the Ukraine case), and use that “foot in the door” as a way into the OT network. The initial infection of the IT system is not different to any other cyber attack we witness daily. This can be achieved using a wide array of methods, such as spear phishing, malicious URLs, drive-by attacks and much more.

Once an attacker is successfully in the IT network, they will turn their focus on lateral movement. Their main objective is to find a bridge that can provide access to the OT network and “hop” onto it. These bridges may not be properly secured in some networks, which can compromise the critical infrastructures they are connected to.

The threat within

Traditional insider threats exist in IT networks as well as in OT networks. Organisations have begun protecting themselves against such threats, especially after high-profile attacks such as the Target hack or Home Depot (and the list is continuously growing). In OT, however, the threat is increased. Similar to IT networks, insiders can intentionally breach OT networks with graver consequences. In addition to this “regular” threat, there is the unintentional insider threat. Unlike IT networks, OT networks are usually flat with little or no segmentation, and SCADA systems have outdated software that goes unpatched regularly.

Unwitting users often inadvertently create security breaches, either to simplify technical procedures or by unknowingly changing crucial settings that disable security. The bottom line remains the same either way: the network that controls the critical infrastructure is left exposed to attacks. This is proven time and again as one can easily encounter networks that were connected to the internet by accident.

Meddling with critical components

The last avenue that endangers ICS is tampering with either the equipment or its software. There are several ways to do so:

  • Intervening with production of the equipment. An attacker can insert malicious code into the PLC (Programmable Logic Controller) or HMI (Human Machine Interface) which are the last logical links before the machine itself.
  • Intercepting the equipment during its shipment and injecting malicious code.
  • Tampering with the software updates of the equipment by initiating a man-in-the-middle attack, for example.

So, how can we protect our critical infrastructure?

To fully protect any critical infrastructure, whether it is an oil refinery, nuclear reactor or an electric power plant, all three attack vectors must be addressed. It is not enough to secure the organisation’s IT to ensure the security of the production floor. A multi-layered security strategy is needed to protect critical infrastructures against evolving threats and advanced attacks.


Ray Shaw


Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
