Various Musings about the recent Water Plant Hack
-
Jonathan Pollet Why would Russian hackers want to burn up a water plant pump? We all knew the capabilities existed.. but.. What is the motivation? 1 day ago
-
Stacy Bresler Great question...something I have been recently asking the community in general related to various ICS attack scenarios, water plants included. It seems we often jump to the attack vector analysis and solutions leaving the questions about motivation unanswered or, at least, in the wings of the overall discussions. 1 day ago
- Darin Dutcher Agreed that it is a good question, but I think there are more categorically distilled questions that can be asked about threat actors and motivations in relation to this target. 1 day ago
-
Stacy Bresler Absolutely! There is no shortage of questions to be asked :) 1 day ago
-
Peter H. Hu We may never know the true motivation behind the hack. However, we can attempt to deter their attacks by planning a security model around their potential motivations. The C.R.I.M.E. model is a good one that comes to mind. Possible Motivators: Compromise, Revenge, Ideology, Monetary, Ego. 1 day ago
-
Alan Rivaldo My response in a haiku --- A motivation | Is not the relevant thing | The end result is. 1 day ago
-
Alex Domshlak I guess that Russian hackers have no specific interests in Springfield, Ill. From my perspective it looks like a kind of Proof of Concept. 23 hours ago
-
Eric Gallant Probably just a target of opportunity. A system on the public Internet using off-the-shelf software; easy pickings. Also, as in nearly every cyber attack, the question of attribution is a difficult one to pin down conclusively. Sure, they used Russian IPs. But who's to say that means they are actually Russian or even in Russia? 10 hours ago
-
Jonathan Pollet All excellent responses. I agree that SCADA systems available from the Internet, created with COTS software and running on Windows machines, are VERY juicy targets. I also think that it was a proof of concept...hopefully all of these incidents are a wake-up call to asset owners. 10 hours ago
-
Ron Southworth So let's assume that this media news item is real. How do you secure a SCADA system that has been installed to provide a service to 2200 people, given that the place is only held together by chewing gum and good luck? Such a place is usually operated by the police chief and the mayor or similar community officials. Believe it or not, there are about 1000 water utilities in N America that are exactly the same or in a worse position. Is the local PUC going to approve the expenditure to secure such a system? 7 hours ago
-
Kelvin Rundle I am not convinced that COTS on Windows makes a target any easier or harder to attack than alternatives. I agree with Ron, small SCADA system operators have neither the resources nor the budgets to get the help needed to protect these systems, whether they be in the USA or Australia. 6 hours ago
- Jonathan Bays Motive is a good question but in trying to assess the motive let's not get hung up on it having to be Russian or Chinese interests just because the more easily traced C&C server appears to be located there. There are so many pirated win machines in both countries that anyone from anywhere could be using them.