Case studies and solutions for energy cyber security
We are pleased to publish links and white papers from solutions providers, these are sponsored to help cover our costs but selected because of their genuine interest and application to the energy sector.
A New Approach to Classifying OT Attacks
Cyber Incident reporting in SCADA systems gives us invaluable insight into the burgeoning threat landscape. Incident case reports help the security community understand what threats we face and thus enable organisations to establish a robust defence strategy. In recent years, there has been an increase in cyber security awareness and the adoption of detection tools. As a consequence, the number of reported incidents and campaigns targeting SCADA networks has increased. In this whitepaper Radiflow dives into several highly publicised security incidents over the past 10 years such as the Triton and Ukraine electricity blackout incidents.
Radiflow believes that the next step in risk analysis for critical infrastructure operators and industrial firms is determining the impact of disclosed vulnerabilities. This should be carried out based on the context of the firm's OT network and business logic related to relevant attacker models.
Experts argue there are issues with existing classification methods. NIST and ICS-CERT, the two major vulnerability disclosure organisations, use scoring standards for assessing security flaws with a bias toward IT networks.
Radiflow’s new white paper discusses this in detail: Meet Your Attacker – Taxonomy and Analysis of a SCADA Attacker.