Company advocates that risk assessments should start with understanding attacker taxonomy and continue with dynamic vulnerability analysis
Mahwah, NJ (January 14, 2019) – Radiflow, a leading provider of industrial cybersecurity solutions for critical infrastructure, today announced that the company is presenting a new approach for classifying the attack characteristics and assessing attack vulnerabilities on OT networks in a recently published whitepaper titled Meet Your Attacker: SCADA Attackers Taxonomy and Analysis .
In the company’s new whitepaper, Radiflow explains that while the reporting on cybersecurity incidents and attack campaigns on is on the rise, each reporting organization uses a different analysis methodology.
For example, the cyberattack in the power grid in Ukraine in 2015 was covered by over 30 research centers around the world with each using its own methodology and publishing biased conclusions influenced by the researcher’s knowledge and the organization’s point of view.
“The increase in the number of reports, each with different analysis methodology, makes it challenging for security analysts to derive coherent and clear conclusions from the cases,” explains Yehonatan Kfir, CTO of Radiflow and the author of this whitepaper. “The current lack of a single taxonomy to analyze security incidents leads to difficulties in understanding the threat landscape in an unbiased way.”
In the whitepaper, Radiflow analyzes several highly publicized cybersecurity incidents over the past ten years, including the Triton and the Ukraine electricity blackout cases, and puts forward a new evidence-based taxonomy for classifying and analyzing the impact of each on OT networks.
“We believe our new taxonomy and case analysis provides a clearer model for understanding cyber-attacks on SCADA systems,” added Kfir. “Our new taxonomy gives risk managers a coherent framework for analyzing the different types of attackers and allows them to plan their security defenses according to the attacker models that are relevant for their specific organizations.”
According to Radiflow, the next evolutional step in risk analysis for critical infrastructure operators and industrial enterprises is dynamically determining the impact of disclosed vulnerabilities. The company advocates that this should be done based on the context of the organization’s OT network and business logic related to the relevant attacker models.
“Here too there are issues with the existing methods as the two major vulnerability disclosure organizations – NIST and ICS-CERT – use scoring standards for the risk assessment of disclosed vulnerabilities with a bias towards IT networks, specifically the potential of a vulnerability to compromise sensitive data and cause non-compliance with regulations,” stated Kfir. “Even though these two organizations do not always agree on the impact of a disclosed vulnerability, this framework is clearly a good fit for corporate IT networks, although is not always applicable to the context of industrial environments and the SCADA and ICS systems running on OT networks.”
For more information on Radiflow’s new approach to classifying and assessing attack vulnerabilities on OT networks, please download the company’s new whitepaper titled Meet Your Attacker: SCADA Attackers Taxonomy and Analysis.
Yehonatan Kfir, Radiflow’s CTO, will also be speaking on the topic in his presentation titled ICS Security – Beyond Visibility Towards Analytics at the S4x19 event in Miami on January 14 – 17.
At the S4x19 event, Radiflow invites all participants to visit the company’s at Booth G and complete the company’s short survey to discover the vulnerability score of their organizations. Participants that complete the survey will receive their results after the event and a copy of the overall survey results that will allow them to anonymously compare their results with their peers.
Radiflow is a leading provider of cybersecurity solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil, gas and water. SCADA networks often extend across multiple remote sites, allowing automation devices to be controlled from the control center. Radiflow’s security tool set validates the behavior of both M2M applications and H2M (Human-to-Machine) sessions in distributed operational networks. Radiflow’s security solutions are available both as in-line gateways for remote sites and as a non-intrusive IDS (Intrusion Detection System) that can be deployed per site or centrally. Radiflow was founded in 2009 as part of the RAD group, a family of ICT vendors with over $1Bn annual revenues. Radiflow solutions were launched at the end of 2011, validated by leading research labs and successfully deployed by major utilities worldwide. Radiflow’s solutions are sold as either integrated into wider end-to-end solution of global automation vendors or as a standalone security solution by local channel partners. For more information, please visit www.radiflow.com and follow the company on LinkedIn.
+1 617 418 3024