CyberAttack underway against the US

Closed Thread
  #61  
04-17-2022, 10:57 AM
jimjamuser

Quote:
Originally Posted by CoachKandSportsguy View Post
Maybe, but I also think that this is an exaggeration as I currently work at a multiple product utility, electric (generation, transmission and distribution) and gas (transmission and distribution) and stating we are late to the game would imply that there have been multiple outages due to cyber attacks, and I have yet to read about many cyber outages in the CNI (critical national infrastructure). There is actually more risk in physical attacks now than cyber attacks. . .

There are several grids in the US, if you are retired for more than 5-10 years, am thinking that you have missed a lot of continued improvements and upgrades, etc. I know that the PG&E sucked with their use of rate tariffs to adequately cover their physical risks, but most companies are continuously upgrading their cyber defenses. We have tripled our budgets in the last 5 years, and are constantly reducing risk entries. The Columbia gas pipeline explosions were due to failed reactions to over pressurization alerts, and they lost their license to operate in MA. But not a cyber attack.

So I am thinking that you are suffering from retirement memories of the old days, since being out of touch with the current working world advances, which are continuous and hidden from everyday retirement life. Oh I so wish I could be retired to get rid of all this working crap. . and forget about my now irrelevant operational finance career.

So yes, when the increased attacks happen, which have been ongoing since the beginning of March, internally non-CNI we have occasional connectivity issues, and slow latency, but nothing has been threatening the CNI any more than any other day.

still working IT guy,
though going back to finance / database dba / regulatory reporting support guy at work
An interesting post. Thought-provoking. KUDOS!
  #62  
04-17-2022, 11:02 AM
JMintzer

Quote:
Originally Posted by jimjamuser View Post
I fail to understand the point of such statements. There are VAGUE allusions to some.........whatever???? is the main point of the paragraph/series of statements?
Why does the phrase "Pot, meet Kettle" come to mind?
__________________
Most things I worry about
Never happen anyway...

-Tom Petty
  #63  
04-17-2022, 02:07 PM
Two Bills

Quote:
Originally Posted by jimjamuser View Post
To me, it did NOT seem like a clarifying reply. It seemed more like an attack and a delighted finding of fault with another person's post. In addition to a non-comment or opinion on the main point of MY post.
.......When anyone writes a reply of more than 5 or 6 sentences. There is always someone that will "pull out" a small detail and declare that a small detail of near-zero IMPORTANCE somehow nullifies the main argument of a post. Maybe it is human nature.....a dark human nature.
You made a post, the main content of which was wrong, and to have that fact pointed out is an attack?
How precious are you?
  #64  
04-17-2022, 04:31 PM
dhdallas
Thank you Dr. Strangelove!

Quote:
Originally Posted by MartinSE View Post
Alert from the Government CISA:

The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:

Schneider Electric programmable logic controllers (PLCs),
OMRON Sysmac NEX PLCs, and
Open Platform Communications Unified Architecture (OPC UA) servers

Here is the entire alert: It has not yet been determined WHO is responsible for this, but the "general assumption" is it is Russia. If this in fact is happening, it is an act of war against the US.

APT Cyber Tools Targeting ICS/SCADA Devices | CISA
"Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb". - 1964 Directed by Stanley Kubrick

Sterling Hayden as Brig. Gen. Jack D. Ripper has to be you all over! Check it out! Let's bomb those Russkies back to the stone age!
  #65  
04-17-2022, 06:02 PM
npwalters

the "so what" people on this thread need to watch 60 Minutes tonight.
__________________
Pam&Nick

The government cannot give anything to anyone without first taking it from someone else
  #66  
04-17-2022, 06:25 PM
Bill14564

Quote:
Originally Posted by npwalters View Post
the "so what" people on this thread need to watch 60 Minutes tonight.
If they are able to watch 60 minutes tonight then either the attack is not underway or it has not been very successful.

The advisory says there is evidence of tools being developed and/or tested and provides steps that affected industry partners need to take. For those partners, action needs to be taken. Bad things could happen but I'll bet our side will be prepared.
__________________
Why do people insist on making claims without looking them up first, do they really think no one will check? Proof by emphatic assertion rarely works.
Confirmation bias is real; I can find any number of articles that say so.


Victor, NY
Randallstown, MD
Yakima, WA
Stevensville, MD
Village of Hillsborough
  #67  
04-17-2022, 11:07 PM
MartinSE

Quote:
Originally Posted by CoachKandSportsguy View Post
Maybe, but I also think that this is an exaggeration as I currently work at a multiple product utility, electric (generation, transmission and distribution) and gas (transmission and distribution) and stating we are late to the game would imply that there have been multiple outages due to cyber attacks, and I have yet to read about many cyber outages in the CNI (critical national infrastructure). There is actually more risk in physical attacks now than cyber attacks. . .

There are several grids in the US, if you are retired for more than 5-10 years, am thinking that you have missed a lot of continued improvements and upgrades, etc. I know that the PG&E sucked with their use of rate tariffs to adequately cover their physical risks, but most companies are continuously upgrading their cyber defenses. We have tripled our budgets in the last 5 years, and are constantly reducing risk entries. The Columbia gas pipeline explosions were due to failed reactions to over pressurization alerts, and they lost their license to operate in MA. But not a cyber attack.

So I am thinking that you are suffering from retirement memories of the old days, since being out of touch with the current working world advances, which are continuous and hidden from everyday retirement life. Oh I so wish I could be retired to get rid of all this working crap. . and forget about my now irrelevant operational finance career.

So yes, when the increased attacks happen, which have been ongoing since the beginning of March, internally non-CNI we have occasional connectivity issues, and slow latency, but nothing has been threatening the CNI any more than any other day.

still working IT guy,
though going back to finance / database dba / regulatory reporting support guy at work
Thank you very much. That was very informative. I did not retire from APS, I was a consultant with them for a while. I was working for them when 911 happened. I worked on several infrastructure related projects including some database projects for Palo Verde. One of the projects I was assigned was a project to upgrade substation communications to have redundant communications paths. This was to protect against potential physical attacks, and my understanding was they were doing it as a result of Congressional mandate to all electrical producers. I can't really say much more about it, since I was a contractor with confidentiality requirements.

Even back then there were multiple grids - yes - but, are you saying there are redundant national grids now? Because that was discussed when I was there, but was thought to be too expensive to be practical? The proposal that was gaining favor was distributed generation. But, the technology for that was not practical at the time.

And yes, I am certain there have been a LOT of improvement since then - that was 20 years ago, a few things have changed - LOL!

I am glad to hear we are taking it more seriously now compared to then.

I assume you read the CISA alert I linked to, and understand it was sent out to companies to alert them to a new cyber attack software that has been detected and to give them information on how to identify if they had been attacked and how to deal with it. It does not say we have been attacked, it says the software has been identified as having been "tested" against several locations.

Anyway, thank you again for bringing us more up to date than my outdated experience.
  #68  
04-17-2022, 11:11 PM
MartinSE

Quote:
Originally Posted by Bill14564 View Post
If they are able to watch 60 minutes tonight then either the attack is not underway or it has not been very successful.

The advisory says there is evidence of tools being developed and/or tested and provides steps that affected industry partners need to take. For those partners, action needs to be taken. Bad things could happen but I'll bet our side will be prepared.
I completely agree, those partners need to take action, and I am sure they will. And yes, bad things happen in wars. And I also think we will be prepared.

My point, as I have said, was not to fear monger, or say the world is ending, just to let people be aware of things that are going on - most people are never aware of the world of Cyberwarfare. I find it interesting, having been involved in some of it tangentially. I thought people here might like to know what is happening and how our government is protecting us.
  #69  
04-17-2022, 11:12 PM
MartinSE

Quote:
Originally Posted by dhdallas View Post
"Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb". - 1964 Directed by Stanley Kubrick

Sterling Hayden as Brig. Gen. Jack D. Ripper has to be you all over! Check it out! Let's bomb those Russkies back to the stone age!
I have no idea what you are going on about, but have a nice day.
  #70  
04-18-2022, 10:00 AM
npwalters

Quote:
Originally Posted by Bill14564 View Post
If they are able to watch 60 minutes tonight then either the attack is not underway or it has not been very successful.

The advisory says there is evidence of tools being developed and/or tested and provides steps that affected industry partners need to take. For those partners, action needs to be taken. Bad things could happen but I'll bet our side will be prepared.
So did you actually watch the 60 Minutes piece? Your first sentence leads me to believe you did not.
__________________
Pam&Nick

The government cannot give anything to anyone without first taking it from someone else
  #71  
04-18-2022, 10:06 AM
Bill14564

Quote:
Originally Posted by npwalters View Post
So did you actually watch the 60 Minutes piece? Your first sentence leads me to believe you did not.
My first sentence, referring to the show that would air later in the day, led you to believe that I had not watched the show that had not aired yet?

But no, I do not watch network television. What insights did the piece have?

EDIT: Even more confused by your remark now. I read what seems to be the transcript for the program. The transcript talks about indications and warning and planning but no attack against the US yet. That seems to support my first sentence that, "If they are able to watch 60 minutes tonight then either the attack is not underway or it has not been very successful." What am I missing?
__________________
Why do people insist on making claims without looking them up first, do they really think no one will check? Proof by emphatic assertion rarely works.
Confirmation bias is real; I can find any number of articles that say so.


Victor, NY
Randallstown, MD
Yakima, WA
Stevensville, MD
Village of Hillsborough

Last edited by Bill14564; 04-18-2022 at 10:16 AM.
  #72  
04-19-2022, 07:47 PM
CoachKandSportsguy
From an internal email about cyber attack training yesterday

Just to give everyone comfort as to training at utilities, we actually see demos of actual software used in phishing attacks against us, as well as study other attack vectors from actual attacks. . .


Quote:
A practical training course has been developed to show what a cyber attack could look like on the electricity transmission network.

Understanding the signs to look out for will help differentiate between potential attacks and operational faults on our Operational Technology (OT).

To achieve this, we have delivered a representative protection and control system within Eakring training centre which the delegates will be able to use in the training.

This training follows on from the Cyber Security Foundation module, launched last year, which was designed to increase awareness of the threats we face, and how we can mitigate the risks. The Cyber Security Skilled training module offers additional knowledge of cyber security tools and techniques and a more comprehensive understanding such as:

What the Ukraine power system attack looks like for real
Understand how an attacker thinks to compromise systems
Demonstration of what a compromise of a substation would look like and the signs to look out for
We have collaborated with colleagues from across the business to ensure we make it as relevant as possible to ET.

The training (Cyber Security Skilled Training ET107) is now fully developed and we have completed a walkthrough and pilot with colleagues over the last few weeks to gain feedback. The training is a three day classroom based module which will be held in ###, on successful completion delegates will receive a qualification (Level 2 Award in Cyber Security Awareness for Critical National Infrastructure). The criteria for this training is staff that are actively working on, or frequently setting people to work on OT.

Cyber training pathways have been developed with the quarterly mandatory security training as generic training, the foundation and skilled as role based training. This will be reviewed on an annual basis to ensure it is always relevant and up to date.

The cyber threat to OT in the external environment is increasing and, as we use more data and become a more digital business, our risk profile increases therefore it's essential we ensure the ET business has the required awareness and capabilities to combat the increasing cyber threat to OT.
it guy wanting to leave it
  #73  
04-19-2022, 09:56 PM
MartinSE

Quote:
Originally Posted by CoachKandSportsguy View Post
Just to give everyone comfort as to training at utilities, we actually see demos of actual software used in phishing attacks against us, as well as study other attack vectors from actual attacks. . .




it guy wanting to leave it
Sounds good, glad to hear it seems to be taken seriously. I expect it is not a question of IF we will be attacked, but when. With sufficient training and preparation I have no doubt we will survive it. Sounds like you have some interesting experience, I am a bit sad I am a bit over the hill for Cyberwarfare work, it would intrigue me.

I keep a sandboxed system on my desk set up as a honeypot and occasionally catch something interesting. But, I don't have the time to mess with it much anymore.
  #74  
04-20-2022, 10:00 AM
CoachKandSportsguy

Martin,

enjoy retirement, I realize that workaholics like myself want to continue to feel relevant in today's world, but in reality, time is better served enjoying what TV and the rest of our lives have to offer,

and don't click on any links which you don't know, and don't answer random phone calls which are not on your contacts lists. . . and use Linux Mint instead of Windows O/S to minimize the potential viruses and other attacks. .

I am converting over as soon as I have the time.

laptop safety officer