On December 23, 2015, Ukraine experienced a major power outage impacting 225,000 customers. Since then, the United States, working in collaboration with the Ukrainian government, has determined that the blackout was linked to a cyberattack, calling into question the security of critical infrastructure worldwide.
To raise awareness of current vulnerabilities in critical infrastructure, the FBI and Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) will be conducting unclassified in-person briefings as well as online webinars for asset owners and supporting personnel.
The briefings, titled “Ukraine Cyber Attack: Implications for US Stakeholders,” will provide context for the Ukraine cyberattack, information on the tools and tactics commonly used to target ICSs, and recommendations and best practices for mitigating risks to critical infrastructure.
“The briefings will include analysis of the attack timeline and threat vector, identifying critical tactics, techniques, and procedures (TTPs) as well as mitigation strategies,” the ICS-CERT announcement stated. “The focus of the briefing will be on applying the lessons learned from the Ukraine attack to US critical infrastructure.”
The briefings will highlight:
- Context and detailed information about the cyberattacks against Ukrainian infrastructure that resulted in physical impact for three Ukrainian companies and additional attacks against three other companies that did not have physical impact.
- The role and impact of BlackEnergy malware in the attacks, as understood by the US Government.
- Discussion about the TTPs used as part of the attack.
- Detailed mitigation strategies for detecting, preventing and/or responding to a similar attack against US critical infrastructure.
The online webinars began March 31 and the first in-person briefing is scheduled for April 12 in Washington, DC. A total of 12 briefings will be held, with sessions in eight US cities. The briefings are open to asset owners, supporting organizations, ICS vendors, and government personnel.
As Homeland Security Today recently reported, the attack in Ukraine is suspected of being the first successful cyberattack on public utilities. It serves as a disturbing reminder of the vulnerability of critical infrastructure, globally and within the United States. In light of the Ukraine attack, security experts are growing increasingly fearful that critical infrastructure, especially supervisory control and data acquisition (SCADA) systems, could be targeted in the US and elsewhere.
DHS is wisely using this as an opportunity to bring government and industry together to ensure the nation is adequately prepared to respond to an attack on its most critical assets.