Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Power Security News

Israel's Electric Grid Targeted By Malware, Energy Minister Says (timesofisrael.com) 37

itwbennett writes: While many are still debating how much risk there is of a catastrophic cyber attack on power grid and other critical infrastructure, Israel's Minister of Infrastructure, Energy and Water, Yuval Steinitz has good reason for warning 'of the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks.' On Tuesday Steinitz told attendees at CyberTech 2016 that the country's Public Utility Authority had been targeted by malware just one day earlier, and that some systems were still not working properly. Not long after news of the attack started to spread, Robert M. Lee, the CEO of Dragos Security, published his thoughts on the matter over on the SANS ICS blog.
This discussion has been archived. No new comments can be posted.

Israel's Electric Grid Targeted By Malware, Energy Minister Says

Comments Filter:
  • I mean, we know industrial facilities are extremely vulnerable since the Stuxnet incident, when was that?, 2011?
    • by gstoddart ( 321705 ) on Wednesday January 27, 2016 @10:54AM (#51382059) Homepage

      And, given the widespread belief Israel was involved in Stuxnet ... to suddenly be bit by this seems a little shortsighted,

      I mean, if you (allegedly) did this to someone else, why would you be surprised if it happens to you?

      • by arth1 ( 260657 )

        And, given the widespread belief Israel was involved in Stuxnet ... to suddenly be bit by this seems a little shortsighted,

        I mean, if you (allegedly) did this to someone else, why would you be surprised if it happens to you?

        Live by the sword, die by the sword.

        And yes, there is a lot of evidence that Israel is behind much of the cyberwarfare in general, and of malware in particular.
        They shouldn't act surprised if what goes around comes around.

        • "what goes around comes around" It certainly does but Israel has a history of retaliatory actions against those who threaten their state. They don't ask for permission, they don't apologize, and they don't believe in "proportional" responses.

  • Pot meet kettle (Score:5, Insightful)

    by xxxJonBoyxxx ( 565205 ) on Wednesday January 27, 2016 @10:37AM (#51381915)

    How do you pronounce "Stuxnet" in the Hebrew language?

    • by Anonymous Coward

      Oy Vey?

    • Re:Pot meet kettle (Score:5, Interesting)

      by AmiMoJo ( 196126 ) on Wednesday January 27, 2016 @11:34AM (#51382435) Homepage Journal

      That's the problem with introducing a new weapon - if your enemies hadn't already thought of it, they have now, and if they hadn't wanted to escalate to actually using it, they will now.

      How long until we see drone strikes in Israel or the mainland US?

  • by ErichTheRed ( 39327 ) on Wednesday January 27, 2016 @10:49AM (#51382021)

    There are so many vulnerable SCADA systems, device-specific Ethernet adapters and other stuff out there, and it just chugs along for years and years. Especially with public sector stuff, multiple layers of contractors put gear in, barely document it and hand it over to the operating authority. The problem is that since no one permanent knows the ins and outs of the system, it can stay vulnerable for ages. Even if a vendor does release patches, the "don't touch it or 500K customers lose power" mentality around critical infrastructure means they barely ever get applied.

    Anything IoT is going to have to be secure by default, as in, hard to get working instead of open and easy. I doubt the "just contract it out" mentality is ever going to go away in the public sector -- I've inherited systems where the only documentation is a statement of work from 5 years back that the contractor cut and pasted from the vendor's manuals.

    • Check the update at the end of the article.... ransomware does not run on SCADA systems. Now how do you feel about posting that rant? You've just wasted 10 minutes of your life writing that :))))
      • It seems that they actually were in a position to quickly identify and respond to the threat. That doesn't happen by accident. And without knowing details of the attack, many here will simply make unfounded assumptions about what was done wrong.
  • No guesses as to what operating System this electric malware runs on.
  • From TFA SANS ICS cited [sans.org] at the end of the Slashdot summary:

    *Update* A cyber analyst in Israel (Eyal Sela) messaged me to add that the media reporting so far is misleading with regards to the context around the incident. The "Israel Electric Authority" the Minister mentioned is in no way related to the networks of the Israeli electric companies, transmission, or distribution sites. The Israeli Electric Authority is a regulatory body of roughly 30 individuals and this "cyber attack" is only referencing their

    • so, there's yet another politician who doesn't understand the technology he's supposed to be in charge of and a whole lot of news agencies who completely failed to check their facts. So basically, it's Thursday.

A complex system that works is invariably found to have evolved from a simple system that works.

Working...