Critical Infrastructure Emulation and Defense

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Sandia’s suite of Emulytics capabilities encompass realistic emulated and simulated environments for cyber experimentation, supporting cybersecurity needs across the civilian Federal government and critical infrastructure. Analysts and decision makers use Emulytics experiments to characterize nuanced cyber problems and inform strategies to mitigate threats and vulnerabilities. The tools also model user behaviors to simulate attacker and victim actions in the environment. In this scenario, a bad actor has staged an attack against a regional power provider, with the goal of initiating a cascading failure in the power grid. The attacker delivers a spearphishing email to an engineer at the power company. When the user clicks a link within the email, a decoy website is loaded and appears to work normally. Although the attack is invisible to the user, an exploit has been delivered in the background, establishing persistence and command and control on the network. The adversary waits until the right time to execute the final phase of the attack. In the meantime, the power company’s network continues to operate normally. When the time is right, the Attacker instructs the malware to cause a disruption of service. The malware moves laterally through the network, pivoting to the engineering SCADA network and sending modbus commands from there to network-connected industrial control system devices, systematically turning off breakers in the virtualized RTUs. This is the same technique that was used in 2016 during the CRASHOVERRIDE attack on the Ukranian power grid. As nodes within the power system begin to shut down, a cascading failure occurs and the system becomes overloaded. A region-wide blackout takes hold. Emulytics allows organizations to develop customized defense strategies. The platform provides repeatable cyber experiments based on models of each organization’s unique environment. Experiments can be run in nearly any configuration, including realistic simulations and emulations, with and without hardware-in-the-loop. By using the Emulytics platform, organizations can better understand the threats they face in their own cyber context and answer questions about cyber risk, mitigation strategies, and more.

Info

Channel: Sandia National Labs

Views: 7,814

Rating: 4.681818 out of 5

Keywords: Sandia National Laboratories, critical infrastructure, power systems, electric grid, grid security, operational technology, OT, industrial controls systems, ICS, internet of things, IOT

Id: eoO13iV6m_g

Channel Id: undefined

Length: 3min 16sec (196 seconds)

Published: Tue Mar 23 2021