2.2.3 New ICS Attack Framework “TRITON”

In the middle of November 2017, the Dragos, Inc. team found malware tailor-made for ICSs and identified it as TRISIS (referred to as TRITON in this document) because it fixed it gaze on Schneider Electric’s Triconex safety instrumented system (SIS), enabling the replacement of logic in final control elements. (mais…)

2.2.2 Dragonfly 2.0 Malware The Dragonfly organization, also known as Energetic Bear, mainly carries out cyber espionage activities targeting electric power operators, major power generation enterprises, petroleum pipeline operators, and industrial equipment providers in the energy sector. According to a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS), Dragonfly is a […]

2.2 ICS-Targeting Malware Analysis

In recent years, more and more malware took ICSs as targets, causing an increasingly great damage.

The following sections analyze major ICS-targeting malware. (mais…)

Typical ICS Security Incidents

As ICSs are increasingly informatized and open, more and more attacks are hitting ICSs, doing an increasing harm. ICS-targeted attacks use the IT network as a springboard to affect the operating of OT systems. Currently, attacks against ICSs are carried out to achieve three purposes: disrupting the normal operating of ICSs, obtaining ICS data, and making financial gains. (mais…)

Technical Trend of ICS Information Security

1.3.1 General Introduction

As the application of IT technologies in industrial fields is expanding in breadth and depth, ICSs are facing an increasing number of security risks. ICSs’ original security protection systems which
feature border separation and protection tend to be associated and integrated with business. With the emergence of new application forms such as industrial clouds and industrial big data, ICS security products need to surpass the existing products in terms of functions and application form, so as to better adapt to new applications. (mais…)

Development of ICS Information Security

Since the Stuxnet virus explosion, countries all over the world have taken ICS security issues to a new height by actively working out and introducing related policies, standards, technologies, and solutions.

A look into ICS security developments around the world reveals that the USA is the first to research and implement ICS security standards. North America Electric Reliability Corporation has conducted security checks on electric power (including nuclear power) enterprises according to requirements defined in CIP series standards. Europe has inspected security of industrial control products in accordance with WIB standards. Some counties represented by Germany are diverting their efforts to ICS security in compliance with ISO 27009. Japan, in line with requirements of IEC 62443 and Achilles Certification, stipulated in 2013 that all ICS products can be applied in the country only after they are certified by national standards. Also, this country has conducted ICS security checks and construction in energy, chemical, and other critical sectors. Israel has set up a state-level ICS product security inspection center to perform security inspection on ICS products before they are connected to networks. (mais…)