Undirected Attack Against Critical Infrastructure: A Case Study for Improving Your Control System Security [open pdf - 1MB]
"Computer virus incidents cost companies billions of dollars every year. While antivirus technologies for detection and containment are attempting to keep pace, the threat is constantly evolving. The attack vector is no longer simply an infected executable on a floppy disk. Email, websites, macro-enabled documents, instant messages, peer-to-peer networks, cell phones, and other interconnected systems are all potential entry points onto our networks for a wide range of malware. Our ability to successfully defend these entry points, as well as recover in the event of a given contamination, needs improvement. Such is the situation for the water treatment facility featured in this case study, where systems on its networks were repeatedly compromised by malware over the span of a couple days. Symptoms of this infection are first noted when network performance degrades significantly on several systems, but the actual compromise is not recognized until the Internet Service Provider (ISP) of the facility relays a message regarding a suspected worm outbreak emanating from the facility's network. The offending systems are eventually identified, taken off-line, scanned, and disinfected. Unfortunately, the source carrier (a mobile laptop) of the worm is not identified and cleaned during the initial recovery process. Even though steps were being taken to address the vulnerability issues in the environment, the day after restoring operations, systems on the network are once again infected, further compounding the overall incident. Unable to effectively defend against and respond to the outbreak results in a loss of data, disruption in operation, and ultimately substantial financial impacts."
United States- Computer Emergency Readiness Team (US- CERT) Case Study Series: Vol 1.2
United States- Computer Emergency Readiness Team (US- CERT): http://www.us-cert.gov/