Utility Vulnerabilities: Critical Infrastructure Safeguards

Posted on May 6th, 2015

Understanding malware attacks and other cyber security concerns are imperative to both personal and national security.  Professionals need to pay close attention to the information released to maintain a high security posture. In July of last year in response to a Freedom of Information Act (FOIA) request the DHS confused Operation Aurora with The Aurora Project and released confidential information. This was a critical error that could be costly for organizations.

Operation Aurora, is a malware attack that took place in 2010. The Aurora Project, despite having a similar sounding name, is not a malware attack at all but rather a research effort from the Idaho National Laboratory who recorded a video that demonstrated the ease at which a cyber attack could infect power and water utilities.

In the wake of recent and increasingly complex attacks it has been questioned whether a major attack on our critical infrastructure is next.  The ease with with confidential information can be leaked is one of the many reasons why understanding critical infrastructure safeguards are more important than ever before.

The Aurora Project: What is an Aurora Attack?

An Aurora attack describes a situation where a circuit breaker or breaker system is opened and closed, resulting in the type of out of phase condition that can damage alternating current equipment connected to a power grid. The associated threat then creates a situation where generators are rapidly disconnecting and reconnecting to the grid, but out of phase. This type of situation can have devastating effects on system operation, particularly with regards to power and water companies. Infrastructure and equipment could be heavily damaged or destroyed, leaving a costly and unfortunate situation that could negatively affect the lives of millions of consumers.

Real Attacks: Stuxnet & Shamoon

An Aurora attack isn't the only vulnerability that utility providers need to concern themselves with. Stuxnet is a type of malware worm, discovered in June 2010, designed to attack industrial programmable logic controllers. Targeted at Iranian computers, Stuxnet hijacked targeted computers to cause physical destruction on centrifuge equipment that the computers controlled. Stuxnet was the first zero day attack that proved that high level destruction that is possible.  Believed to be in response to Stuxnet, a computer virus known as Shamoon wiped the hard drives on tens of thousands of computers belonging to Saudi Aramaco in 2012.

Important Critical Infrastructure Safeguards

The seriousness of these attacks proves that the importance of critical infrastructure safeguards cannot be overstated. Legacy systems present a huge vulnerability that continues to grow as systems continue to age. Upgrading legacy infrastructure is a costly proposition, as these are generally mission critical operations that would seriously interfere with day to day operations. Developing a replacement plan that can phase in over time is important.  

The development of an actionable response plan is critical for utility companies in the event that a cyber attack does occur. Plans need to clearly define the responsibilities of all IT staff members. Response plans should also test control system devices and communication techniques to help make sure that everything is operating as efficiently as possible at all times.

Security Controls

One of the real keys to preventing devastating cyber attacks is to place proper security controls around your systems.  The right partner can help you in choosing the right technology for your organization and in developing a plan for the future. TVAR Solutions is a value added reseller with a deep level of security knowledge to develop comprehensive protection and future infrastructure plans. TVAR works with best in class technologies like Fortinet, to determine the best solutions for the unique requirements for each organization.

Questions/Comments? Contact information@tvarsolutions.com

View more news and events

Let's Talk Today

Latest Happenings

Upcoming Events:
12/11-12/13 - Law Enforcement - Homeland Security Forum and Technology Exposition
1/10 - GSA, NTSB, HUD, DHS, FAA, DOE at L'Enfant Plaza
We're loving our new Denver office space! November 1, 2018
Here's to another great season, Capitals!
First team lunch in our new digs! We're now in Suite 240!
TVAR Solutions Named to CRN’s 2018 Solution Provider 500 List Read More
We're excited to welcome a new Civilian Rep, Adam Strisik to the team!
Happy to report 100% participation in our latest charitable giving campaign with GiveStream! We love being able to choose charities that we are passionate about! Find more info here!
We'd like to welcome two new members to the team!! Hunter MacBain, who is covering Air Force and Rosa Morales, who is our new Marketing Associate & Office Manager. Happy to have you both!
Gonzo was definitely Mr. Popular today at the TVAR office!
We have 2 new TVARian's! We'd like to welcome Natalie Lane, our new Accounting & HR Manager and Aaron Bradd who will be covering Department of Justice. Thrilled to have you both here with us.
At Super Computer 2017, our Account Manager Chris Clifton discussed TVAR Solutions' differentiators as well as our strong partnership with Panasas. Watch here! https://www.youtube.com/watch?v=VP657NG_Fj8&feature=youtu.be
Panasas Names TVAR Solutions 2016 Partner of the Year! February 28, 2017 Read more here.
We're very pleased to welcome Chris Norton, Lucas Arroyo, Sam O'Daniel, and Cris Musselwhite to the TVAR Team!
Nikki takes our Monday morning forecast meetings very seriously! November 21, 2016
We'd like to welcome our new Customer Support Rep, David Mendes to the team as well as a new Special Programs Rep Jim Rice! We're excited to have you both.
We loved giving back with Hewlett Packard Enterprise last week at their USO-Metro: Pack for the Troops Event!
"I chose the Pancreatic Cancer Action Network because we lost my grandfather in 2007 to pancreatic cancer. They hold wonderful fundraising events that my family participates in periodically and they're very passionate about helping those that are affected as well as raising funds for research. I love that TVAR has given us the opportunity to hand select charities we are passionate about." - Lauren Baird
We're happy to announce our new corporate giving campaign through Innovative Corporate Charitable Solutions! EVERY employee gets to choose a charity where a portion of TVAR's funds will go to! A message from our President, Dave Saunders: click here.
TVAR Solutions Named to CRN’s 2016 Solution Provider 500 List! Read More Here.
"Welcome to TVAR Solutions, can I help you?" - Nikki, one of our favorite TVAR dogs #TGIF
We start them early at TVAR...James learning how to forecast!