Critical Infrastructure Emulation and Defense

Video Statistics and Information

Captions
Sandia’s suite of Emulytics capabilities encompasses realistic emulated and simulated environments for cyber experimentation, supporting cybersecurity needs across the civilian Federal government and critical infrastructure. Analysts and decision makers use Emulytics experiments to characterize nuanced cyber problems and inform strategies to mitigate threats and vulnerabilities. The tools also model user behaviors to simulate attacker and victim actions in the environment.

In this scenario, a bad actor has staged an attack against a regional power provider, with the goal of initiating a cascading failure in the power grid. The attacker delivers a spearphishing email to an engineer at the power company. When the user clicks a link within the email, a decoy website is loaded and appears to work normally. Although the attack is invisible to the user, an exploit has been delivered in the background, establishing persistence and command and control on the network. The adversary waits until the right time to execute the final phase of the attack. In the meantime, the power company’s network continues to operate normally.

When the time is right, the attacker instructs the malware to cause a disruption of service. The malware moves laterally through the network, pivoting to the engineering SCADA network and sending Modbus commands from there to network-connected industrial control system devices, systematically turning off breakers in the virtualized RTUs. This is the same technique that was used in 2016 during the CRASHOVERRIDE attack on the Ukrainian power grid. As nodes within the power system begin to shut down, a cascading failure occurs and the system becomes overloaded. A region-wide blackout takes hold.

Emulytics allows organizations to develop customized defense strategies. The platform provides repeatable cyber experiments based on models of each organization’s unique environment. Experiments can be run in nearly any configuration, including realistic simulations and emulations, with and without hardware-in-the-loop. By using the Emulytics platform, organizations can better understand the threats they face in their own cyber context and answer questions about cyber risk, mitigation strategies, and more.
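The breaker-tripping step in the scenario (Modbus write commands reaching RTUs from a host the malware pivoted to) is exactly the traffic a monitor on the SCADA segment can flag. As an added example, not code from Sandia or the Emulytics platform, here is a small Modbus/TCP request parser that alerts on write-type function codes from any source outside an assumed engineering-workstation allowlist; the IP addresses and frames are constructed for the demonstration.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change device state (e.g. a coil driving a breaker).
WRITE_FUNCTION_CODES = {5: "Write Single Coil", 6: "Write Single Register",
                        15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Hypothetical allowlist: only the engineering workstation may write to field devices.
AUTHORIZED_WRITERS = {"10.1.20.5"}

@dataclass
class ModbusRequest:
    src_ip: str
    unit_id: int
    function_code: int
    address: int
    value: int

def parse_modbus_tcp(src_ip: str, frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("not Modbus (protocol id must be 0)")
    if length != len(frame) - 6:  # length counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    function_code = frame[7]
    address, value = struct.unpack(">HH", frame[8:12]) if len(frame) >= 12 else (0, 0)
    return ModbusRequest(src_ip, unit_id, function_code, address, value)

def detect_unauthorized_writes(frames):
    """Return alert strings for write commands sent by hosts outside the allowlist."""
    alerts = []
    for src_ip, frame in frames:
        req = parse_modbus_tcp(src_ip, frame)
        if req.function_code in WRITE_FUNCTION_CODES and req.src_ip not in AUTHORIZED_WRITERS:
            alerts.append(f"{src_ip} -> unit {req.unit_id}: {WRITE_FUNCTION_CODES[req.function_code]} "
                          f"addr={req.address} value=0x{req.value:04X}")
    return alerts

# Constructed sample traffic (not real captures).
SAMPLE_FRAMES = [
    # Legitimate read of 8 coils from the engineering workstation (FC 1).
    ("10.1.20.5", bytes.fromhex("0001 0000 0006 01 01 0000 0008".replace(" ", ""))),
    # Authorized write: engineering workstation sets coil 0 ON (0xFF00).
    ("10.1.20.5", bytes.fromhex("0002 0000 0006 01 05 0000 FF00".replace(" ", ""))),
    # Suspicious: a corporate-segment host writes coil 0 OFF, i.e. opens a breaker.
    ("10.1.50.77", bytes.fromhex("0003 0000 0006 01 05 0000 0000".replace(" ", ""))),
]

if __name__ == "__main__":
    for alert in detect_unauthorized_writes(SAMPLE_FRAMES):
        print("ALERT:", alert)
```

In a real deployment the allowlist would come from an asset inventory and the frames from a SPAN port or passive sensor on the SCADA segment.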
Info
Channel: Sandia National Labs
Views: 7,814
Rating: 4.681818 out of 5
Keywords: Sandia National Laboratories, critical infrastructure, power systems, electric grid, grid security, operational technology, OT, industrial controls systems, ICS, internet of things, IOT
Id: eoO13iV6m_g
Length: 3min 16sec (196 seconds)
Published: Tue Mar 23 2021