New threats have emerged that increasingly target controllers in power plants and electric grids, raising grave concern for utility company security and critical infrastructure (CI). Unfortunately, policy-based monitoring and network anomaly detection alone have proven insufficient, even with the intelligent automated services and 'unique' integrity checks offered by some CI solution providers.
Visibility for utility company security is often centered on industrial control system (ICS) network traffic, and even with well-maintained layer-7 filtering, attackers routinely bypass network-level detection. SecOps teams are also finding that bolting the much-discussed behavioral anomaly detection onto policy-based rules and machine learning still lacks precision against evolving attacks on known vulnerabilities. Operations teams face a flood of false positives that require further analysis to separate actual attacks and concerning exploits from alerts that should never have fired.
At the core of the most damaging attacks on critical infrastructure, investigators keep finding the same things: buffer errors, malicious code running in memory, threats introduced through the supply chain, and new exploit methods (often fileless) targeting known vulnerabilities in workloads, software, and systems. In the 2019 CWE Top 25 Most Dangerous Software Errors from MITRE, CWE-119 (the "buffer error" class: improper restriction of operations within the bounds of a memory buffer) ranked first, and memory-corruption weaknesses as a group account for more, and more severe, reported vulnerabilities than any other class. This applies to utility company security too.
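The buffer-error class this paragraph leads with, shown as an added example that is neither Virsec's code nor code from the original page: a parser for a hypothetical, constructed telemetry frame format, written twice. The first version trusts a sender-supplied length byte (the CWE-119 pattern); the second bounds that length against both the destination buffer and the number of bytes actually received. The frame layout, function names, return codes, and sample frames are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical telemetry frame, constructed for illustration only (not a real
 * ICS protocol): byte 0 = function code, byte 1 = payload length declared by
 * the sender, bytes 2.. = payload. */
#define MAX_PAYLOAD 16

typedef struct {
    uint8_t func;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} frame_t;

/* Constructed sample frames (assumptions, not captured traffic). */
static const uint8_t SAMPLE_GOOD[]      = {0x03, 0x04, 0xAA, 0xBB, 0xCC, 0xDD};
static const uint8_t SAMPLE_OVERSIZED[66] = {0x03, 64, 0x41}; /* declares 64 bytes */
static const uint8_t SAMPLE_TRUNCATED[] = {0x03, 0x08, 0x01, 0x02}; /* declares 8, sends 2 */

/* Vulnerable form: the copy length comes straight from the untrusted length
 * byte. A frame declaring more than MAX_PAYLOAD bytes makes memcpy write past
 * the end of out->payload (CWE-119); one declaring more bytes than were
 * received makes it read past the end of buf. Nothing on the wire looks
 * malformed to a network filter, which is why this class evades it. */
int parse_frame_unchecked(const uint8_t *buf, size_t buflen, frame_t *out)
{
    if (buf == NULL || out == NULL || buflen < 2)
        return -1;
    out->func = buf[0];
    out->len = buf[1];
    memcpy(out->payload, buf + 2, out->len); /* no bound on out->len */
    return 0;
}

/* Hardened form: the declared length is checked against the destination
 * capacity and against the bytes actually received before anything is copied. */
int parse_frame_checked(const uint8_t *buf, size_t buflen, frame_t *out)
{
    if (buf == NULL || out == NULL || buflen < 2)
        return -1;
    uint8_t declared = buf[1];
    if (declared > MAX_PAYLOAD)
        return -2; /* would overflow out->payload */
    if ((size_t)declared > buflen - 2)
        return -3; /* would read beyond the received frame */
    out->func = buf[0];
    out->len = declared;
    memcpy(out->payload, buf + 2, declared);
    return 0;
}

int main(void)
{
    frame_t f;
    printf("good:      %d\n", parse_frame_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &f));
    printf("oversized: %d\n", parse_frame_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, &f));
    printf("truncated: %d\n", parse_frame_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &f));
    /* parse_frame_unchecked(SAMPLE_OVERSIZED, ...) would write 48 bytes past
     * f.payload on the stack; it is deliberately not called here. */
    return 0;
}
```

The unchecked parser returns 0 on the oversized frame just as it does on a good one; the corruption is only visible in the process's memory, not in the traffic or the return value, which is the point the paragraph makes about network-centric monitoring.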
Greater integration and digitalization leave high-value systems more exposed, and attackers respond by working at deeper levels of the software stack, where network monitoring cannot see them. They move quickly across networked systems, getting in and out, and in many cases repeatedly over days, months, or years. According to E&E News reporter Blake Sobczak, the highly skilled hacking group "Xenotime" has been hitting U.S. electric utilities with "reconnaissance and potential initial access operations" since late 2018*. Discovery often comes only after the damage (or a significant compromise) is realized, and only after a lengthy investigation across a variety of alerts and data points.
Power delivery systems are remarkably complex, comprising a network of substations, transmission lines, distribution lines, and other components. Automatic and human controls operate the system, and an intricate web of computers, servers, and communication links ties everything together. Such a multifactorial infrastructure presents a large attack surface, especially as information-driven process automation expands.
To operate, protect, and secure vulnerable OT/SCADA systems, controllers, and power infrastructure environments, organizations are now adopting Virsec's application security technology. Virsec provides full-stack visibility across the entire software plane and defensive controls beyond the network layer, at the core of application workflows. With Virsec, those responsible for securing critical infrastructure and power stations gain assurance that vital systems (including legacy technology) perform as expected and that crippling attacks are countered before damage is done.
Virsec delivers server-side defense covering all vulnerable operational components, including scheduling systems, process management platforms, data controllers, and operating systems. Companies such as Raytheon, Aveva, and GDIT look to Virsec for security controls and automation that ensure early threat detection and rapid response. Virsec enables these organizations to deliver the world's most complex critical infrastructure and operational control systems, used in government, defense, finance, utilities, and more, with greater confidence.
Virsec embeds cybersecurity inside SCADA systems and industrial system platforms and defends against evolving threats in milliseconds, in real time and without analytical or manual intervention, before an attack can spread. Whether you use Wonderware, Citect, Predix, Rockwell, or other SCADA, HMI, and process control software, the Virsec Security Platform (VSP) deterministically identifies attacks on code at runtime, as that code executes in memory.
Stop remote hacking attempts, malicious code injection, memory-based fileless attacks on data and functions, and malware such as Industroyer and Triton in milliseconds, before threats spread and automation and control are disrupted.
Further resources:
Solution Brief: ICS/SCADA Security
Case Study: Raytheon and Virsec Partner to Guard the Grid
White Paper: Triton ICS Attack
Sign up for a test drive
*'Most dangerous' hackers targeting U.S. utilities — report
https://www.eenews.net/stories/1060575609