In the original Star Trek episode “The Trouble with Tribbles,” an unscrupulous merchant, Cyrano Jones, gives a small furry animal called a Tribble to communications officer Uhura. Uhura takes the Tribble aboard the Starship Enterprise where the animal begins to quickly reproduce, thereby threatening to overrun the ship and cause significant damage.
This episode is a great lesson in cyber security and supply chains, and a great way for us to communicate about the risks we take on when we don’t evaluate what we are bringing into our own enterprises and who is providing it. A recent article by Deloitte, “Managing cyber risk in the electric power sector: Emerging threats to supply chain and industrial control systems,” goes into great detail about the evolving attacks targeting the systems that generate, distribute and govern power.
The energy sector is considered critical infrastructure for good reason. When the power is out, especially over a wide area, it can impact safety, the economy and national security. Protecting that infrastructure is in the interest of the companies operating the system as well as the communities that need this vital resource. Doing so, however, is becoming increasingly difficult, as attacks have become more sophisticated and the attackers are now as likely to come from nation-states as organized crime.
Traditional methods of attack have often started with a phishing attempt. The first known successful attack on a power plant was initiated via spear phishing, which allowed the attackers to steal credentials to Ukrainian power facilities. With those credentials, the attackers could then remotely control computers and breakers, causing a large regional outage. The attack didn’t stop there; phone lines were jammed, causing a denial of service for legitimate customers attempting to report the outage and seek information or help. (For a more detailed report of
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anthony Israel-Davis. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/tribbles-supply-chains-industrial-cyber-security/