A presentation from Certrec showcasing the cybersecurity threats plaguing critical infrastructure in the United States. Includes examples of major cyber attacks within the past few years.
To learn how Certrec's cyber security solutions can help keep your power plant secure from threats, visit: https://www.certrec.com/
Cybersecurity Critical Infrastructure Threats and Examples 2022- Presentation by Certrec
1. Cyber Security:
Critical Infrastructure Threats and Examples
Fas Mosleh
October 2022
Certrec
Alliances, Strategic Marketing
Software, cybersecurity, systems executive
Helped develop HP’s Information security business
2. Mission:
Helping generators be more reliable and secure for a better, safer grid
How:
SaaS apps and technology to reduce risk of non-compliance for GO/GOPs
3. Agenda
• Types of Threats
• Critical Infrastructure Attack Examples
• Conclusions and Action Steps to Take
4. Types of Threats
• Physical
‒ Physical Access
‒ Physical Damage
• Digital (IT)
‒ Malware
‒ Remote Access
‒ Business Server Compromises
• Digital (OT)
‒ Physical Access
‒ Remote Control Access Compromises
‒ Viruses
‒ Business Server Compromises
‒ Release of Sensitive Information
6. Infrastructure Attacks: SolarWinds
1. 18000
2. 100
3. 320,000
4. 499/500
• Hackers compromised SolarWinds' Orion software build via an already-compromised Microsoft Office 365 account.
• Backdoors were distributed into user networks once the tainted Orion updates were installed.
• Russians compromised ~100 companies, including Microsoft, Intel and Cisco.
• Plus a dozen government agencies: US Treasury, Justice and Energy departments and the Pentagon.
7. Infrastructure Attacks: Colonial Pipeline
1. 5500
2. 5M
3. 100
Attackers got into the Colonial Pipeline network through an exposed
password for a VPN account. The same password had been used in another
location, where it was compromised in a prior breach.
8. Infrastructure Attacks: Ukraine
On December 23, 2015, the power grid of Ukraine was hacked,
which resulted in power outages for roughly 230,000
consumers in Ukraine for 1-6 hours.
During the outage, threat actors flooded customer services
phone lines with calls to prevent customers from reporting the
incident.
https://www.bbc.com/news/technology-61085480
9. Infrastructure Attacks: Ukraine
Sandworm hackers deployed Industroyer2 malware
against high-voltage electrical substations in Ukraine,
along with other destructive malware such as CaddyWiper,
which is being spread around Ukraine and deletes data on
infected computer systems.
11. Actions: What did we learn?
Trends
Important
Cyberattacks are on the rise
Nation-state threat actors are capable and motivated
Ransomware is data kidnapping
Basic Cybersecurity practices and being prepared can thwart attackers
It’s not a matter of if but when
12. Actions: Solutions to Consider
Review the cybersecurity risk plan
The first step is to learn and understand what can go wrong, followed by
taking precautionary actions and finally, learning how to respond
effectively to a real operational threat or attack.
Make cybersecurity awareness, prevention, and security best practices
a part of your culture.
PHYSICAL
DATA
OT
13. Conclusions
Prevent damage to your facility, and compromise of the bulk
electric system, by reducing the chances of a breach
Be informed and implement/recommend some simple measures
Expect the unexpected and plan aggressively
14. Actions: Resources
• Video: Why Big Tech Wants You To Ditch Your Password
• Why MFA?
• How to address cybersecurity in the energy sector (McKinsey)
• Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)