Now days, no industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks Evaluating cyber risk in Industrial Control System (ICS) networks though, is difficult - for example, such evaluations can result in considering explicitly or implicitly up to hundreds of millions of branches of a complex attack tree modelling the interaction of cyber-attacks with cyber, physical, safety and protection equipment and processes. Communicating the results of such risk assessments to business decision makers who are not versed in cyber-physical risk assessment techniques can be even more difficult.
1. ICS Insider: A disgruntled insider with access to ICS equipment uses social engineering to steal passwords able to trigger a partial plant shutdown.
2. IT Insider: A disgruntled insider with access to an IT network uses social engineering to steal passwords able to give them remote control of a copy of the HMI system on an engineering workstation.
3. Common Ransomware: Accidentally downloaded to an engineering workstation and spreads to rest of ICS.
4. Targeted Ransomware: Spear-phishing seeds a Remote Access Trojan (RAT) on an IT network, which is used to deliberately spread ransomware through an ICS.
5. Zero-Day Ransomware: Ransomware incorporating a zero-day Windows exploit spreads through IT/OT firewalls.
6. Ukraine Attack: The now well-known first-generation Ukraine attack using spear phishing and remote access.
7. Sophisticated Ukraine Attack: A variation of the well-known Ukraine attack – the variation targets protective relays and causes physical damage to electric substations and rotating equipment.
8. Market Manipulation: An organized-crime syndicate uses known vulnerabilities in Internet-facing systems to seed RATs that are ultimately used to simulate random equipment failures, triggering commodities markets fluctuations.
9. Sophisticated Market Manipulation: A similar attack targeting an ICS site’s services suppliers as a means of seeding peer-to-peer RAT malware into an ICS and simulating random failures.
10. Cellphone WIFI: A combination of spear-phishing and a trojan cell phone app provides attackers with access to ICS WIFI networks.
11. Hijacked Two-Factor: Sophisticated malware allows attackers to hijack remote desktop / VPN sessions after a remote user logs in with two-factor authentication.
12. IIOT Pivot: Hacktivists pivot into an ICS via a poorly defended cloud vendor.
13. Malicious Outsourcing: A disgruntled employee of a remote services vendor configures a simple time bomb on important ICS servers on the employee’s last day on the job.
14. Compromised Vendor Website: Hacktivists use a compromised vendor’s website to insert malware into a software update, malware that targets specific industrial sites.
15. Compromised Remote Site: A physical breach of remote substation or pumping station hides a laptop at the remote site with a WIFI connection that is later used to attack the central SCADA site.
16. Vendor Back Door: Hacktivist-class attackers discover a vendor’s back door that provides the poorly defended vendor’s website with remote control of ICS components in the name of “remote support.”
17. Stuxnet: A Stuxnet-class attack targets a heavily defended site by compromising a services vendor for the site and crafting autonomous, zero-day-exploiting malware.
18. Hardware Supply Chain: An intelligence-agency grade attack intercepts new computer destined for an ICS site and inserts wireless, remote-control equipment into the computers.
19. Nation-State Crypto Compromise: A nation-state grade attack compromises the Public Key Infrastructure by stealing a certificate authority’s private key, or by breaking a cryptographic algorithm, such as SHA-256, allowing them to falsify security updates.
20. Sophisticated, Credentialed ICS Insider: An ICS insider is aligned with the interests of a sophisticated cyber-attack organization, deliberately cooperating with the organization to create sophisticated malware and seed it in the ICS.
Identify the cyber security threats being posed to your ICS systems to quantify the risk and provide adequate security expenditure.
Avoid false sense of security and learn the real state of security for your ICS systems.
Prepare an effective mitigation plan from our actionable ICS security assessment report.
Reduce your organization’s cyber security costs and provide a better return on security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weakness in the design or implementation.
Provide your organization with assurance – a thorough and comprehensive assessment of organizational security covering policy, procedure, design and implementation.
Adopt best practices by conforming to legal and industry regulations.
We make clear and comprehensively documented reports of vulnerabilities that discovered during the assessment. We provide following types of reports after the assessment to our client:
Technical Reports: Technical Report contains details of every identified vulnerability, and potential technical impact, exhibits and actionable remedies, and help organization patch the gaps identified.
Management Reports: Management Reports contains details of identified vulnerabilities, security level, along with the business impact of each vulnerability, which also contains executive summary along with findings conclusion and guidance.
Remediation Guidelines: We provide customize remediation guidance with complete audit programs, refineries and identification steps to follow for each loophole incidents for the future assaults.
