I'm sure all of you have seen that US-CERT last week told utilities to get off the internet. A bit shocking, but after a review of the cyber-attack on Ukrainian power companies, a team of U.S. and Ukrainian investigators found that the cyber-attack on Ukraine's infrastructure was synchronized and coordinated. In fact, the perpetrators acquired legitimate credentials to facilitate the attack.
Preliminary reports suggest that the attackers used the BlackEnergy (BE) malware in combination with KillDisk malware to wipe some systems. A full report is available here.
What are CERT's recommendations? What many have been saying for years: implement best practices, procure and license trusted hardware and software systems, know who and what is on your network through hardware and software asset management automation, patch systems on time, and more.
We all know this. But do we DO it? For a variety of reasons, some do and others do not. On Friday, world-renowned journalist Ted Koppel will explain MORE reasons to DO it. In his book, Lights Out, Mr. Koppel has chronicled some of the cascading effects of a successful and devastating attack on our nation's electric grid.
For our part, the InfraGardNCR Board is developing a "Do-It-Now" series to urge you to take some of these simple precautions NOW. For your part, we realize that we all have "cyber fatigue" - we hear about it all day long and often feel like it is impossible to stay ahead of the curve. Proving ROI and getting management buy-in are an unwelcome part of the job.
All of us face this fatigue when battling daily, mounting threats. It is up to us, however, to hammer on. We must continue to provide the defense that will assure that any attack on our critical infrastructure sectors is mitigated by our efforts or repelled entirely by speedier communications and collaborative relationships.
Many of you may know of 9/11 hero, Rick Rescorla, the director of security for Morgan Stanley and retired Army officer. Rick Rescorla anticipated the 9/11 attacks and implemented evacuation procedures that saved numerous lives on that tragic day. He hammered and hammered. He told Morgan Stanley leadership that if he was not able to drill the evacuation procedures he could not be their director of security. And then on 9/11, two airplanes struck the Twin Towers. He evacuated 2,687 employees and perished going back in to "make sure everyone else is out."
You may be thinking, "Kristina, that's pretty dramatic, don't know if my role in cyber would really do all that!" According to Ted Koppel (not me!), an attack that brings down our electric grid would lead to mass devastation, starvation...a nation in collapse.
Shall I call you "Rick"?
With highest regard,