Critical Infrastructure. What keeps the lights on, water safe to drink, planes in the sky. It's everything we take for granted, yet it’s mission critical 24/7, and nobody really understands how it works except the folks who work with it. There was a time when this stuff was kept offline, in its own little realm. Not anymore. It’s a lot more exposed, a lot more vulnerable.
OK, I can’t sum it up in one word but it is a great starting point. Let’s look at the attack on the power grid in Ukraine, late December 2015. Add to that attacks on the water and power system in Lansing, Michigan a couple of months later using ransomware. You can plot the trajectory from there. I’ll be building this up next – consider this my placeholder. I don’t want to have to say “I told you so.”
Ransomware and ICS
Dale Peterson, or @digitalbond, highlights how ransomware in ICS differs, and what we should know, in his piece here: https://www.linkedin.com/pulse/ransomware-icsscada-its-happening-predictions-dale-peterson . Bricking the PLC seems to be the big hurt. PLCs usually aren’t redundant, and the ability to do forensics on them is very limited.