A new taxonomy for SCADA attacks>
Help Net Security – Zeljka Zorz
Attacks aimed at SCADA networks are still much rarer than those targeting IT networks, but the number is slowly rising. In a recently published whitepaper, Kfir proposes a taxonomy that distinguishes between non-technical and technical properties. Each property has three âgradesâ. In a recently published whitepaper, Kfir proposes a taxonomy that distinguishes between non-technical and technical properties. Each property has three âgradesâ. The non-technical properties are: ⢠Targeted industry (Type of campaigns): IT campaign â Campaign that targets IT and OT networks â OT-specific campaign ⢠Desired impact: Non-SCADA specific â SCADA specific and impacts confidentiality â SCADA specific and impacts availability and integrity ⢠Actual impact: No impact on availability and integrity â Impact on availability and integrity of non-critical systems â Impact on availability and integrity of critical systems ⢠Physical process expertise: None â Case-specific knowledge â Industry-specific knowledge ⢠Dormant Duration (Attack duration): Weeks or more â Days â Hours. The technical properties include: Industrial protocols expertise Assets configuration changes Vulnerability type Vulnerabilities used NIST and ICS-CERT use scoring standards for the risk assessment of disclosed vulnerabilities with a bias towards IT networks, he notes, and their framework is not always applicable to the context of industrial environments and the SCADA and ICS systems running on OT networks.
Link: https://www.helpnetsecurity.com/2019/01/15/analyze-scada-attacks/