Recent Cybersecurity Issues on Land and in Space

These are examples of the growth industry that cybersecurity presents.

Thanks to Ernie Hayden for sharing the information below. Just this past week, he did a presentation on ransomware for us. Cybersecurity is big business and getting bigger!

LockerGoga strikes again at American chemical companies

The Details:

  • LockerGoga, the same ransomware that affected the operations at aluminum manufacturer Norsk Hydro earlier this month, has also hit the American chemicals companies Hexion and Momentive.
  • The attack is thought to have taken place March 12.
  • Hexion and Momentive make resins, silicones and other materials.
  • This attack has been tied to LockerGoga because the ransom language and formatting are very similar.
  • According to Momentive’s CEO, Jack Boss, the data on any computers that were hit with the ransomware is probably lost, and the company has ordered “hundreds of new computers.”

The Bottom Line:

  • The initial point of delivery is still under debate; however, intel analysts from Recorded Future believe it could likely be “some form of remote access, such as an open RDP server.”
  • Although it doesn’t appear to be an attack on the industrial control systems (ICS) assets for the purpose of causing damage, these developments highlight the fact that industrial operations can still be affected by systems that aren’t traditionally in the control network.
 

Colorado water district hit with ransomware

The Details:

  • On Feb. 11, employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District were locked out of technical and engineering data and drawings stored on their computers.
  • This appears to be the second time in two years for the districts.
  • The ransom demand and payment options were not disclosed, but district officials said they would not pay.
  • Data was recovered approximately three weeks after the attack without payment.

The Bottom Line:

  • Ransomware targeting ICS and utility organizations seems to be a growing trend over recent weeks and months.
  • LockerGoga was used in the American chemical companies attack, mentioned in this Weekly Update, and the recent attack on Norwegian aluminum manufacturer Norsk Hydro.
  • There is no indication that any of these attacks are intended for anything other than financial gain; however, in the case of Norsk Hydro, industrial operations were affected.
  • Small and medium-sized utilities like Fort Collins Loveland Water District are particularly vulnerable as manpower and resources can be a challenge.
  • "Small mom-and-pop operators, I've visited a number of those sites. A lot of them are being held together by Scotch tape and bubble gum," said Dave Weinstein of ICS security firm Claroty. "It's pretty precarious."

FERC and DoE “Security Investments for Energy Infrastructure” conference

The Details:

  • Docket No. AD19-12-000, Thursday, March 28, 2019.
  • This technical conference is aimed at better understanding (1) the need for security investments that go beyond those measures already required by mandatory reliability standards, including in infrastructure not subject to those standards (e.g., natural gas pipelines); (2) how the costs of such investments are or could be recovered; and (3) whether additional incentives for making such investments are needed, and if so, how those incentives should be designed.
  • The conference held two panels:
      1. Cyber and Physical Security, Best Practices, and Industry and Government Engagement
      2. Incentives and Cost Recovery for Security Investments

The Bottom Line:

  • President and CEO of NERC, James B. Robb, participated in the first panel, discussing threats and best practices.
  • His statement focused on (1) the role, services and products of the E-ISAC; (2) cybersecurity threats and trends; (3) interdependencies among energy infrastructure from a security perspective; and (4) designing a more secure system.
 

Report: Russia spoofed global navigation satellite system at least 9,800 times

The Details:

  • Recently, the Center for Advanced Defense (C4ADS) released the report, Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria.
  • C4ADS (www.c4ads.org) is a 501(c)(3) nonprofit organization dedicated to data-driven analysis and evidence-based reporting of conflict and security issues worldwide.
  • The four main sections of the report cover spoofing of Global Navigation Satellite Systems (GNSS):
      1. Spoofing across Russia and occupied territories. They identify 9,883 suspected instances across 10 locations that affected 1,311 civilian vessel navigation systems since February 2016.
      2. Russian GNSS spoofing for very important person (VIP) protection. They find a close correlation between movements of the Russian head of state and GNSS spoofing events.
      3. Russian GNSS spoofing for strategic facilities protection.
      4. GPS spoofing in active Russian combat zones, particularly Syria, for airspace denial purposes. This is a capability scarcely reported in the public domain.

The Bottom Line:

  • This type of activity again highlights the expanding battlefield of advanced persistent threats (APTs) and cyberoperations on a state level in countries like Russia, China, North Korea, etc.
  • Based on C4ADS’s conclusion, this series of GPS spoofing is thought to help Russia protect VIPs and facilities, as well as support “ventures” in other countries.

Eric Holdeman is a contributing writer for Emergency Management magazine and is the former director of the King County, Wash., Office of Emergency Management.