July 17, 2018 | Written by: Maureen Pushinsky

#CRITIFENCE, #Cyber, #Security, #cybersecurity, #SCADA, #ICS, #OT, #IioT, #CI, #Critical, #Infrastructure, #criticalinfrastructure

Cyber-security experts and strategists agree that Critical Infrastructures and Industrial Control/SCADA systems are the backbone of any country. Over the years, advanced hackers, including nation states, have made multiple attack campaigns against industrial facilities in an attempt to disrupt their operations.

Traditionally, control systems were segregated from unsecured areas, such as corporate networks and the Internet. For a long time, air-gapping combined with physical security were considered sufficient security measures for Industrial Control Systems.

The first suspected cyber-attack on industrial facilities is the 1982 explosion of the Trans-Siberian gas pipeline, which allegedly was caused by a Trojan added to control software before its deployment. The explosion happened some four years before the first known cyber-espionage event (the Cuckoo's Egg) - both in the context of the Cold War.

With time, more organizations connected their SCADA networks with other potentially unsecured networks in order to cut costs, share operational information, or distribute ordering/billing data. With the elimination of the air gap, hackers have been able to penetrate control networks from the end of the 90's and to this day.

The Stuxnet worm, discovered in 2010, succeeded in infecting the most secure nuclear facilities by using physical devices (USB flash drives) to circumvent air gaps. The amount of damage it caused to the Iranian nuclear program and the press coverage it received resulted in an increased awareness of the need to protect Industrial Control Systems.

Cyber-attacks against Critical Infrastructures are gaining steam. Cyber-warfare has become an intrinsic part of international conflicts. Moreover, because of its stealth nature and potential to cause physical damage without deploying soldiers or utilizing traditional weapons, in many situations it is the preferred method of attack.

New ways to penetrate networks, span or bypass air gaps, and spread malware are discovered all the time. Penetration tests and information warfare exercises continue to reveal vulnerabilities. The number of cyber-attacks on industrial facilities continuously increases, with most going unreported. Like never before, the society protection for our Industrial Control Systems.

Download the full updated 2018 Critical Infrastructure Cyber Attack Timeline report of CRITIFENCE Critical Infrastructure and SCADA/ICS Cyber Threats Research Group:

2018 Critical Infrastructure Cyber Attack Timeline

For more information about CRITIFENCE® Cyber Security Solution for Critical Infrastructure,
SCADA and Industrial Control Systems and the SCADADome solution, download SCADADome Solution White Paper.