Ukrainian Power Grid Hack: What Happened and What Needs to Change?

Adam Meyer | Network World | January 14, 2016

The Ukrainian power grid hack that reportedly left 700,000 homes in the dark just before Christmas highlights how the critical infrastructure sectors must step up to the plate and work harder to keep the bad guys out. It is a safe bet that few industrial control systems (ICS) critical infrastructure organizations would rate their cybersecurity as excellent. If they know this, the hackers do too, and that makes them an easy target.

In the Ukrainian instance, the payload was delivered via spear phishing exploits and then looked for a certain running process common to SCADA systems. When it found it, it killed the process and overwrote it, effectively making the device useless. There was nothing uncommon about the hackers’ payload delivery, so it was something that could have been prevented, or at a minimum made less likely, with extra training for the user environment. But ICS critical infrastructure does have unique challenges due to the very nature of the business:
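The kill-then-overwrite behaviour described above leaves a recognisable trace in host telemetry: a process running from an executable is terminated, and shortly afterwards that same executable is written to by a different process. The following is an added detection example, not code from the article or from any incident report; the log format, field names, process names and paths are constructed assumptions, and the five-minute correlation window is an arbitrary choice.

```python
"""Correlate process-termination and file-overwrite events to flag the pattern
'running process killed, then its executable overwritten'.

Added example with constructed data. The pipe-delimited event format,
the process names and the paths are assumptions, not from the article."""
from datetime import datetime, timedelta

# Constructed sample events: "timestamp|event|acting_process|executable_path".
# Only the first two lines form the suspicious pair; the others are benign noise.
SAMPLE_LOG = """\
2015-12-23T15:02:10|PROCESS_TERMINATE|hmi_gateway.exe|C:\\scada\\hmi_gateway.exe
2015-12-23T15:02:12|FILE_WRITE|unknown.exe|C:\\scada\\hmi_gateway.exe
2015-12-23T15:05:00|PROCESS_TERMINATE|notepad.exe|C:\\Windows\\notepad.exe
2015-12-23T15:40:00|FILE_WRITE|updater.exe|C:\\Windows\\notepad.exe
2015-12-23T16:00:00|FILE_WRITE|svc.exe|C:\\scada\\historian.exe
"""


def parse_events(text):
    """Parse the assumed pipe-delimited format into (time, kind, process, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, proc, path = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), kind, proc, path))
    return events


def find_kill_then_overwrite(events, window=timedelta(minutes=5)):
    """Return (path, kill_time, write_time, writer) for every executable that was
    written to within `window` after a process running from that path was terminated.

    A FILE_WRITE with no preceding kill (e.g. a normal update) is not reported,
    and neither is a write that arrives long after the kill."""
    last_kill = {}  # executable path -> time of the most recent PROCESS_TERMINATE
    hits = []
    for ts, kind, proc, path in sorted(events):
        if kind == "PROCESS_TERMINATE":
            last_kill[path] = ts
        elif kind == "FILE_WRITE" and path in last_kill:
            if ts - last_kill[path] <= window:
                hits.append((path, last_kill[path], ts, proc))
                del last_kill[path]  # report each kill/overwrite pair once
    return hits


if __name__ == "__main__":
    for path, killed, written, writer in find_kill_then_overwrite(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {path} terminated at {killed:%H:%M:%S}, "
              f"overwritten by {writer} at {written:%H:%M:%S}")
```

In a real deployment the event source would be an EDR or Sysmon-style feed rather than a string, and the alert would be scoped to the directories holding ICS software so that routine patching of unrelated binaries does not trigger it; the correlation logic stays the same.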

* Siloed culture – Traditional IT groups and their Operational Technology (OT) counterparts are distinct silos. If they do not define clear roles and work together toward a common goal, the organization becomes its own worst enemy. OT teams who have little experience with IT are on a steep learning curve, and IT groups who have the experience with the technology generally do not understand the OT needs of the organization. This causes organizational friction and poor communication that malicious actors are more than happy to exploit...