Crash Override Chronicles: Victim

Victim Sites & Technology

So all of those things were terms or bits about generalized grid operations. What about the actual victim in this case? What was the equipment affected? Where was it?

Ukrenergo

According to Reuters: "Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital’s energy consumption at night."

There’s an interesting piece of data. 1/5 night capacity means one gigawatt (1000 megawatts) of total consumption at night. This got me wondering what the usual ratio of night vs day consumption is. A little Googling got me to eia.gov’s article "Demand for energy changes through the day". I’m doing some loose math but: ...

August 31, 2017 · 2 min · Scott J Roberts

The Crash Override Chronicles: Overall

In the first post of the CRASH OVERRIDE Chronicles I outlined my plan for reviewing Dragos’ CRASHOVERRIDE report in order to build an understanding of the ICS threat landscape, key technologies, and ultimately one of the major actors involved. This second installment is a run-through of the whole report, calling out areas I need to focus on learning & investigating. The first step was simple: Read the report. The second step was also simple: Read the report again, this time with a critical eye. The first read-through is for familiarity. The second read-through is not simply to read but to pick out key phrases and items to focus on, and to look for bias and things I want to verify or follow up on. In addition, just for you, dear reader, I took notes to call out positives and negatives I think make a difference in intelligence products. ...

August 16, 2017 · 8 min · Scott J Roberts

The Crash Override Chronicles

I’ve been lucky and had a really wide variety of experiences in information security throughout my career. Government & non-government. Vendor & practitioner. Finance & dotcom. I’ve seen a lot of stuff. It’s to the point that I get even more excited about the stuff I’ve never done. One of those moments happened a few weeks ago when the Dragos team released their Crash Override report. Full Disclosure: I know a few of the folks over at Dragos and consider them friends, but friends who value good, even critical, analysis. ...

August 8, 2017 · 3 min · Scott J Roberts