SlideShare a Scribd company logo

Cyber Threats that impact the US Energy Infrastructure

โ€ข
โ€ข
David Sweigert
David Sweigert

This intelligence assessment from the Department of Homeland Security analyzes the cyber threat landscape facing the US energy sector. It finds that while advanced persistent threat actors like nation-states are targeting the sector, the risk of a damaging cyber attack is low as their activity is focused on espionage. The majority of malicious activity comes from opportunistic cybercrime rather than targeted attacks. Media reports have led to some misperceptions about the threat level due to overuse of the term "cyber attack". The assessment concludes the risk of a disruptive attack on US energy infrastructure remains low.

Government & Nonprofit
1 of 8
I N T E L L I G E N C E A S S E S S M E N T U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y (U//FOUO) Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector 27 January 2016 Office of Intelligence and Analysis IA-0060-16 (U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO). It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public, the media, or other personnel who do not have a valid need to know without prior approval of an authorized DHS official. State and local homeland security officials may share this document with authorized critical infrastructure and key resource personnel and private sector security officials without further approval from DHS
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y 22 January 2016 (U//FOUO) Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector (U) Prepared by the Office of Intelligence and Analysis (I&A). Coordinated with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT). (U) Key Judgments (U//FOUO) We assess the threat of a damaging or disruptive cyber attack against the US energy sector is low. We judge advanced persistent threat (APT) nation-state cyber actors are targeting US energy sector enterprise networks primarily to conduct cyber espionage. The APT activity directed against sector industrial control system (ICS) networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States. (U//FOUO) We assess the majority of malicious activity occurring against the US energy sector is low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, is financially or ideologically motivated, and is not meant to be destructive. (U//FOUO) We assess that imprecise use of the term โ€œcyber attackโ€ in open source media reporting and throughout the private sector has led to misperceptions about the cyber threat to the US energy sector. (U//FOUO) Advanced Persistent Threat Actors Not Likely To Conduct Damaging or Disruptive Attack (U//FOUO) We assess the threat of a damaging or disruptive cyber attack against the US energy sector is low. We judge APT nation-state cyber actors are targeting US energy sector enterprise networks primarily to conduct cyber espionage. The APT activity directed against sector ICS networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States. (U) Scope (U//FOUO) This Assessment establishes a baseline analysis of cyber threats to the US energy sector based on comprehensive FY 2014 incident reporting data compiled by ICS-CERT, as well as reporting by the Intelligence Community (IC), private sector cybersecurity industry, and open source media between early 2011 and January 2016. This Assessment is designed to help close gaps between the private sectorโ€™s and the ICโ€™s understanding of current cyber threats facing the US energy sector. Critical infrastructure owners and operators can use this analysis to better understand cyber threats facing the US energy sector and help focus defensive strategies and operations to mitigate these threats. The Assessment does not include an in-depth analysis of foreign cyber doctrines or nation-state red lines for conducting cyber attacks against the United States. The information cutoff date for this Assessment is January 2016. (U) Industrial Control Systems (U) ICS are computers that control real-world activity; for example, ICS are used to run power plants, manufacturing assembly lines, commercial air conditioning systems, and building elevators.
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 2 of 7 ยป (U//FOUO) APT actors were responsible for at least 17 intrusions against the US energy sector in FY 2014, according to ICS-CERT incident report dataโ€”the last full year for which this data was available.1 Included in these intrusions are incidents of data theft from enterprise networks and accessing and maintaining presence on ICS. APT actors did not cause any damage or disruption in any of the 17 reported incidents, according to the same ICS-CERT incident report data.2 ยป (U//FOUO) ICS-CERT in late 2014 became aware of an ongoing campaign, dating to 2011, targeting ICS devices worldwide using Havex malware, according to ICS-CERT alerts and cybersecurity industry analysis.3,4,5,6 This activity is attributed to suspected Russian state-sponsored actors according to cybersecurity industry analysis.7,8 ยป (U//FOUO) APT actors in FY 2014 were responsible for two confirmed intrusions into US petroleum organizationsโ€™ enterprise networks, and are suspected of exfiltrating data in at least one case, according to ICS-CERT incident report data.11 (U//FOUO) Low-level Cybercrime Predominant Activity Against US Energy Sector (U//FOUO) We assess the majority of malicious activity occurring against the energy sector is low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, is financially or ideologically motivated, and is not meant to be destructive. Low-level activity such as that by cybercriminals or criminal hackers is less likely to be reported to ICS-CERT, as the organizations themselves may be able to handle the incidentโ€”meaning the number of low-level cybercrime incidents is probably much higher. Low-level cybercrime incidents cost the energy sector billions of dollars in cybersecurity spending and insurance coverage against cyber attacks.16 ยป (U//FOUO) Of the cyber incidents against the US energy sector reported to ICS-CERT in FY 2014, 63 percent involved unattributed, low-level activity against enterprise networksโ€”for which we have insufficient information to provide definitive attribution.17 We assess these incidents likely were conducted by cybercriminals, criminal hackers, unknown actors, and insiders. In addition, many of these incidents were handled independently of ICS-CERT, either by the victim organizations themselves or by third-party consultants. ยป (U//FOUO) Unknown actors in FY 2014 used the Bang distributed denial-of-service (DDoS) malware to infect at least four US electricity organizations, according to ICS-CERT incident report data.18 DDoS malware is typically spread by targeting vulnerabilities rather than specific organizations, indicating the electricity organizations probably were not targeted specifically. ยป (U//FOUO) Cybercriminals in FY 2014 used Cryptolocker ransomware to infect three US energy organizations, according to ICS-CERT incident report data.19 Cryptolocker encrypts the victimโ€™s data so it can no longer be accessed (U//FOUO) Havex Malware (U//FOUO) Havex is a malware tool likely developed by Russian state-sponsored cyber actors. Its main function is to gather system information, but it also can run specialized plug-ins for additional capabilities.9,10 (U) Ukraine Power Outage (U//FOUO) Open source media and various US cybersecurity threat intelligence companies have claimed that at least six Ukrainian regional power providers in late December suffered a cyber attack causing the loss of power for more than 80,000 customers for up to six hours12,13 Due to limited authoritative reporting, I&A is unable to confirm the event was triggered by cyber means. While not independently confirmed as the cause of the outage, malware provided by Kyiv indicates the presence of a variant of an ICS-specific malware on the energy providerโ€™s systems, according to ICS-CERT analysis.14 The variant provided by the Ukrainian Government has the capability to enable remote access and delete computer content, including system drives.15 I&A cannot attribute this operation to any specific cyber actor, but the attacks are consistent with our understanding of Moscowโ€™s capability and intent, including observations of cyber operations during regional tensions. This incident does not represent an increase in the threat of a disruptive or destructive attack on US energy infrastructure, which I&A assesses is low.
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 3 of 7 without a passkey, which only the cybercriminal possesses. To recover the data, the victim must pay a ransomโ€” usually in bitcoinsโ€”to the cybercriminal. ยป (U) Unidentified cybercriminals in May 2013 compromised the payroll login credentials of a North Carolina fuel distribution company, and during the course of five days stole more than $800,000 before the theft was noticed, according to a well-known cybersecurity media outlet.20 (U//FOUO) Misperceptions about Cyber Threats in the Energy Sector (U//FOUO) We assess imprecise use of the term โ€œcyber attackโ€ in open source media reporting and throughout the private sector has led to misperceptions about the cyber threat to the US energy sector. The term โ€œcyber attackโ€ is frequently used to refer to any cyber incident directed against the US energy sector. This overuse of the term โ€œcyber attackโ€ creates an unnecessarily alarmist general view of the threat to the sector. โ€œCyber attackโ€โ€”which should denote intent to cause denial, disruption, destruction, or other negative effectsโ€”is frequently used in the private sector to describe cyber espionage, and even low-level, untargeted incidents of cybercrime. Overuse of the term โ€œcyber attack,โ€ risks โ€œalarm fatigue,โ€ which could lead to longer response times or to missing important incidents.* ยป (U//FOUO) A major media outlet reported in December 2014 that the nationโ€™s energy grid is constantly under โ€œattackโ€ by hackers. The article makes this claim by drawing on an ICS-CERT statement regarding the number of incidents it responded to in FY 2014.21 In fact, none of these events were properly considered attacks because no disruption, denial, or destruction occurred; rather, these events are more correctly described as espionage or some other activity. The only two incidents that resulted in damage or disruption to the victimโ€™s systems were self-inflictedโ€”caused by accidental misconfiguration, according to DHS incident report data.22 ยป (U//FOUO) Another major media outlet in November 2014 published an article speculating that China could shut down the US electric power grid through a cyber attack, but the article offered no concrete evidence to support this claim.23 According to all sources of information available to the IC, ICS-CERT, and the private sector, there have been no damaging or destructive attacks against the US energy sector. We also have no reporting that Chinese cyber actors have ever accessed the ICS components of any US energy sector entity. (U) Mitigation Measures (U//FOUO) Regardless whether adversarial APT actors intend to conduct damaging attacks against the US energy sector, it is clear that the sector is vulnerable to low-level cybercrime and sophisticated state-sponsored APT activity. In properly segmented networksโ€”where ICS components are not directly connected to the Internetโ€”the enterprise network is often the entry point for targeted and untargeted malicious activity against ICS components. Energy sector asset owners and operators can reduce the risk of malicious activity reaching ICS components by better protecting and securing their enterprise networks. Four relatively simple tactics could result in a significant decrease in compromises: implementing up-to-date e-mail filters; keeping antivirus definitions current; keeping software patches current; and continually training users. * (U) Alarm fatigue occurs when one is exposed to a large number of frequent alarms and consequently becomes desensitized to them. Desensitization can lead to longer response times or to missing important alarms.
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 4 of 7 (U) Appendix A: ICS-CERT and US-CERT Publications (U//FOUO) ICS-CERT works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the IC and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector computer emergency response teams to share control systems-related security incidents and mitigation measures. ICS-CERT distributes advisories, alerts, bulletins, and recommended practices through its website: https://ics-cert.us- cert.gov/. (U//FOUO) ICS-CERT has published ICS-TIP-12-146-01B, which provides guidance and recommended practices for intrusion detection and mitigation strategies. This technical information paper can be found at, https://ics-cert.us- cert.gov/tips/ICS-TIP-12-146-01B. (U//FOUO) Organizations should routinely evaluate how to integrate best practices into their current environments to achieve system integrity, including the assurance of software authenticity and user identity. To assist in this endeavor, US-CERT has published recommended best practices in TIP-11-075-01, which can be found at, https://www.us- cert.gov/sites/default/files/publications/TIP11-075-01.pdf. (U//FOUO) US critical infrastructure consists of the physical and cyber assets of public and private entities in several sectors, including the US energy sector. The healthy functioning of cyber assets is essential to our economy and national security. US-CERT has published a paper outlining strategic objectives to prevent cyber attacks against US critical infrastructure, reduce national vulnerability to cyber attacks, and minimize damage and recovery time from cyber attacks. This document can be found at, https://www.us-cert.gov/security-publications/national-strategy-secure-cyberspace.
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 5 of 7 (U) Appendix B: ICS-CERT Incident Report Data (U) The below chart displays all ICS-CERTโ€™s 2014 US energy sector incident resport data by consequence and threat actors. (U) The classification of the above table is U//FOUO.24
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 6 of 7 (U) Tracked by: HSEC-1.1, HSEC-1.6, HSEC-1.10 1 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 2 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 3 (U); DHS; ICS-CERT; โ€œICS Focused Malware (Update A)โ€; 07 JUL 2015; https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A; accessed on 08 SEP 2015. 4 (U); PC WORLD; โ€œNew Havex Malware Variants Target Industrial Control System and SCADA Usersโ€; http://www.pcworld.com/article/2367240/new-havex-malware-variants-target-industrial-control-system-and-scada-users.html; accessed on 07 JUL 2015; (U); Article. 5 (U); DHS; ICS-CERT; ICS-ALERT-14-281-01B; 21 NOV 2014; DOI UNK; (U); Ongoing Sophisticated Malware Campaign Compromising ICS; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 6 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 7 (U); PC WORLD; โ€œNew Havex Malware Variants Target Industrial Control System and SCADA Usersโ€; http://www.pcworld.com/article/2367240/new-havex-malware-variants-target-industrial-control-system-and-scada-users.html; accessed on 07 JUL 2015; (U); Article. 8 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 9 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 10 (U); DHS; ICS-CERT; โ€œICS Focused Malware (Update A)โ€; 07 JUL 2015; https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A; accessed on 08 SEP 2015. 11 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 12 (U); iSight Partners; 15-00014822; 30 DEC 2015, Version 2; (U); Power Outage by Cyber Attack on Energy Control Systems in Several Regions of Ukraine; (U); Cybersecurity industry report. 13 (U); Eduard Kovacs; Security Weekly; โ€œUkrain Accuses Russia of Hacking Power Companiesโ€; www.securityweek.com/ukraine-accuses- russia-hacking-power-companies; (U); Article. (U) Source Summary Statement (U) This Assessment is based on ICS-CERT incident reporting data and information self-reported to ICS-CERT by victim organizations from Fiscal Year 2014โ€”the last full year for which incident reporting data was available. This Assessment is also supported by information from reputable cybersecurity firms and the US media. We have high confidence in the accuracy and reliability of the ICS-CERT data, but acknowledge that newer ICS-CERT data might change our assessment. We also have high confidence in the reporting from reputable cybersecurity firms. Although the media reporting corroborates other reporting, this information may be intended to influence as well as inform, giving us medium confidence in this information. While we have high to medium confidence in the accuracy and reliability of these sources, our overall confidence in this assessment is medium because of the lack of data that would provide a comprehensive understanding of all malicious cyber incidents affecting the US energy sector. (U) Reporting Computer Security Incidents (U) To report a computer security incident, either contact US-CERT at 888-282-0870, or go to https://forms.us- cert.gov/report/ and complete the US-CERT Incident Reporting System form. The US-CERT Incident Reporting System provides a secure, web-enabled means of reporting computer security incidents to US-CERT. An incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. In general, types of activity commonly recognized as violating typical security policies include attempts (either failed or successful) to gain unauthorized access to a system or its data, including personally identifiable information; unwanted disruption or denial of service; the unauthorized use of a system for processing or storing data; and changes to system hardware, firmware, or software without the ownerโ€™s knowledge, instruction, or consent.
U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 7 of 7 14 (U); DHS; I&A Intelligence Analyst; Meeting; 04 JAN 2016; DOI UNK; (U); Meeting with ICS-CERT and E-ISAC; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 15 (U); DHS; I&A Intelligence Analyst; Meeting; 04 JAN 2016; DOI UNK; (U); Meeting with ICS-CERT and E-ISAC; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 16 (U); Fortune; โ€œLloydโ€™s CEO: Cyber Attacks Cost Companies $400 Billion Every Yearโ€; 23 JAN 2015; http://fortune.com/2015/01/23/cyber attack-insurance-lloyds/; accessed on 21 SEP 2015; (U); Article. 17 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 18 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 19 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall classification is S//NF. 20 (U); Krebs on Security; โ€œNC Fuel Distributor Hit by $800,000 Cyberheistโ€; 23 MAY 2013; http://www.krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/; accessed on 11 SEP 2015; (U); Blog. 21 (U); CNN; โ€œHackers attacked the U.S. energy grid 79 times this yearโ€; 29 DEC 2014; http://money.cnn.com/2014/11/18/technology/security/energy-grid-hack/; accessed on 8 SEP 2015; (U); Article. 22 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 23 (U); Forbes; โ€œChinese Cyber Attack Could Shut Down U.S. Electric Power Gridโ€; 28 NOV 2014; http://www.forbes.com/sites/robertlenzner/2014/11/28/chinese-cyber attack-could-shut-down-u-s-electric-power-grid/; accessed on 8 SEP 2015; (U); Article. 24 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF.

Recommended

A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030
Scott Dickson
ย 
The Security Implications of Foreign Hardware & Software February 2019
The Security Implications of Foreign Hardware & Software February 2019The Security Implications of Foreign Hardware & Software February 2019
The Security Implications of Foreign Hardware & Software February 2019
ChadCogan
ย 
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
- Mark - Fullbright
ย 
Manage the Complexity
Manage the ComplexityManage the Complexity
Manage the Complexity
Motorola Solutions
ย 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh20
ย 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Ben Griffith
ย 
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
Jeff Kaplan
ย 
114-116
114-116114-116
114-116
IKERIONWU FREDRICK
ย 

Recommended

A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030
Scott Dickson
ย 
The Security Implications of Foreign Hardware & Software February 2019
The Security Implications of Foreign Hardware & Software February 2019The Security Implications of Foreign Hardware & Software February 2019
The Security Implications of Foreign Hardware & Software February 2019
ChadCogan
ย 
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...
- Mark - Fullbright
ย 
Manage the Complexity
Manage the ComplexityManage the Complexity
Manage the Complexity
Motorola Solutions
ย 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh20
ย 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Ben Griffith
ย 
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
โ€œWeapons of Mass Disruption - Council on Foreign Relationsโ€
Jeff Kaplan
ย 
114-116
114-116114-116
114-116
IKERIONWU FREDRICK
ย 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
David Sweigert
ย 
RSTREET17
RSTREET17RSTREET17
RSTREET17
Steven Titch
ย 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -
ideaflashed
ย 
Cyber war
Cyber warCyber war
Cyber war
Praveen
ย 
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
PwC France
ย 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
Space Defense Newsletter
ย 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
ย 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
Jamie Moore
ย 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
Ajay Serohi
ย 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
Maira Asif
ย 
How secure are you?
How secure are you?How secure are you?
How secure are you?
Joe Morris
ย 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Esam Abulkhirat
ย 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes
Raj Goel
ย 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
Brian K. Dickard
ย 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
Maurice Dawson
ย 
Digital em Portugal 2018
Digital em Portugal 2018Digital em Portugal 2018
Digital em Portugal 2018
alphaCoimbra
ย 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Mark Raduenzel
ย 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vasiliki Zioga
ย 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
loverakk187
ย 
31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House
David Sweigert
ย 
HIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsHIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit Questions
David Sweigert
ย 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from Ransomware
David Sweigert
ย 

More Related Content

What's hot

RSTREET17
RSTREET17RSTREET17
RSTREET17
Steven Titch
ย 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
ย 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes
Raj Goel
ย 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
Maurice Dawson
ย 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Mark Raduenzel
ย 

What's hot (20)

Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
ย 
RSTREET17
RSTREET17RSTREET17
RSTREET17
ย 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -
ย 
Cyber war
Cyber warCyber war
Cyber war
ย 
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
Etude PwC/CIO/CSO sur la seฬcuriteฬ de l'information (2014)
ย 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
ย 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
ย 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
ย 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
ย 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
ย 
How secure are you?
How secure are you?How secure are you?
How secure are you?
ย 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
ย 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes
ย 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
ย 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
ย 
Digital em Portugal 2018
Digital em Portugal 2018Digital em Portugal 2018
Digital em Portugal 2018
ย 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
ย 
Cybercrime
CybercrimeCybercrime
Cybercrime
ย 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
ย 
31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House
ย 

Viewers also liked

Viewers also liked (20)

HIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit QuestionsHIPAA HHS OCR Audit Questions
HIPAA HHS OCR Audit Questions
ย 
FBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from RansomwareFBI Memo on How to Protect Yourself from Ransomware
FBI Memo on How to Protect Yourself from Ransomware
ย 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3
ย 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83
ย 
Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense Cyber war netwar and the future of cyberdefense
Cyber war netwar and the future of cyberdefense
ย 
Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017Cyber TTX Training Opportunity for mid-January 2017
Cyber TTX Training Opportunity for mid-January 2017
ย 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefing
ย 
Handbook for Cyber Incident Response
Handbook for Cyber Incident ResponseHandbook for Cyber Incident Response
Handbook for Cyber Incident Response
ย 
Psychology of the Insider Threat
Psychology of the Insider ThreatPsychology of the Insider Threat
Psychology of the Insider Threat
ย 
Healthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPRHealthcare Contingency Operations by DHHS ASPR
Healthcare Contingency Operations by DHHS ASPR
ย 
Use of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysisUse of reverse proxies to counter attacks -- TCP flow analysis
Use of reverse proxies to counter attacks -- TCP flow analysis
ย 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCR
ย 
Developing Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to RecoveryDeveloping Transistion Planning from Cyber Incident Response to Recovery
Developing Transistion Planning from Cyber Incident Response to Recovery
ย 
TDL3 Rootkit Background
TDL3 Rootkit BackgroundTDL3 Rootkit Background
TDL3 Rootkit Background
ย 
Wireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication AttacksWireless Disassociation and Deauthentication Attacks
Wireless Disassociation and Deauthentication Attacks
ย 
Overview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacksOverview of SMB, NetBIOS and other network attacks
Overview of SMB, NetBIOS and other network attacks
ย 
Example of Security Awareness Training -- Department of Aging
Example of Security Awareness Training -- Department of AgingExample of Security Awareness Training -- Department of Aging
Example of Security Awareness Training -- Department of Aging
ย 
Disaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA frameworkDisaster Recovery planning within HIPAA framework
Disaster Recovery planning within HIPAA framework
ย 
Use of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional WarfareUse of Cyber Proxy Forces in Unconventional Warfare
Use of Cyber Proxy Forces in Unconventional Warfare
ย 
Russian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting InfrastructureRussian Hacker Cyber Threats to US Voting Infrastructure
Russian Hacker Cyber Threats to US Voting Infrastructure
ย 

Similar to Cyber Threats that impact the US Energy Infrastructure

The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
Fas (Feisal) Mosleh
ย 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber Terrorism
Maurice Dawson
ย 
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
ericbrooks84875
ย 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
Kory Edwards
ย 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
Kory Edwards
ย 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Maurice Dawson
ย 
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
ronak56
ย 
61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra
simisterchristen
ย 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
RepentSinner
ย 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
AnonDownload
ย 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
stilliegeorgiana
ย 
Security Management
Security ManagementSecurity Management
Security Management
DamaineFranklinMScBE
ย 
Research Paper
Research PaperResearch Paper
Research Paper
Guy DeMarco
ย 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security Threat
Michael Yatskievych
ย 
Digital danger zone tackling cyber security
Digital danger zone tackling cyber securityDigital danger zone tackling cyber security
Digital danger zone tackling cyber security
John Kingsley
ย 

Similar to Cyber Threats that impact the US Energy Infrastructure (20)

The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
ย 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber Terrorism
ย 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
ย 
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
ย 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
ย 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
ย 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
ย 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
ย 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
ย 
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docxReview DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
Review DNI WTAs for 2015 and 2016 (see attached). Compare and con.docx
ย 
61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra
ย 
Online security โ€“ an assessment of the new
Online security โ€“ an assessment of the newOnline security โ€“ an assessment of the new
Online security โ€“ an assessment of the new
ย 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
ย 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
ย 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
ย 
Security Management
Security ManagementSecurity Management
Security Management
ย 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
ย 
Research Paper
Research PaperResearch Paper
Research Paper
ย 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security Threat
ย 
Digital danger zone tackling cyber security
Digital danger zone tackling cyber securityDigital danger zone tackling cyber security
Digital danger zone tackling cyber security
ย 

More from David Sweigert

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
ย 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
ย 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
ย 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
ย 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
ย 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
ย 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
ย 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
ย 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
ย 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
ย 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
ย 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
ย 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
ย 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
ย 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
ย 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
ย 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
ย 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
ย 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
ย 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
ย 

Recently uploaded

Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
Chandigarh Call girls 9053900678 Call girls in Chandigarh
ย 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
ย 
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
Dipal Arora
ย 
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
tanu pandey
ย 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
SUHANI PANDEY
ย 
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
Call Girls in Nagpur High Profile
ย 
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
SUHANI PANDEY
ย 
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
adilkhan87451
ย 
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
Call Girls in Nagpur High Profile
ย 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
ย 
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
ย 
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
SUHANI PANDEY
ย 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
ย 
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
SUHANI PANDEY
ย 
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
ย 

Recently uploaded (20)

Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
Russian๐ŸŒDazzling Hottie Getโ˜Ž๏ธ 9053900678 โ˜Ž๏ธcall girl In Chandigarh By Chandig...
ย 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
ย 
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts โ˜Ž๏ธ8617370543 Starting From 5K to 25K ...
ย 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
ย 
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
ย 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
ย 
SMART BANGLADESH I PPTX I SLIDE IShovan Prita Paul.pptx
SMART BANGLADESH I PPTX I SLIDE IShovan Prita Paul.pptxSMART BANGLADESH I PPTX I SLIDE IShovan Prita Paul.pptx
SMART BANGLADESH I PPTX I SLIDE IShovan Prita Paul.pptx
ย 
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Patna Escorts Just Dail 8250092165 service available anytime 24 hour
ย 
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
Nanded City ? Russian Call Girls Pune - 450+ Call Girl Cash Payment 800573673...
ย 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
ย 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - Poster
ย 
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call ๐Ÿ‘‰๐Ÿ‘‰9873777170 Independent Female ...
ย 
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity ๐Ÿ’‹ Agra Escorts Just Dail 8250092165 service available anytime 24 hour
ย 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
ย 
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
ย 
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Shikrapur ( Pune ) Call ON 8005736733 Starting From 5K t...
ย 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
ย 
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
Hinjewadi * VIP Call Girls Pune | Whatsapp No 8005736733 VIP Escorts Service ...
ย 
The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learning
ย 
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
ย 

Cyber Threats that impact the US Energy Infrastructure

  • 1. I N T E L L I G E N C E A S S E S S M E N T U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y (U//FOUO) Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector 27 January 2016 Office of Intelligence and Analysis IA-0060-16 (U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO). It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public, the media, or other personnel who do not have a valid need to know without prior approval of an authorized DHS official. State and local homeland security officials may share this document with authorized critical infrastructure and key resource personnel and private sector security officials without further approval from DHS
  • 2. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y 22 January 2016 (U//FOUO) Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector (U) Prepared by the Office of Intelligence and Analysis (I&A). Coordinated with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT). (U) Key Judgments (U//FOUO) We assess the threat of a damaging or disruptive cyber attack against the US energy sector is low. We judge advanced persistent threat (APT) nation-state cyber actors are targeting US energy sector enterprise networks primarily to conduct cyber espionage. The APT activity directed against sector industrial control system (ICS) networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States. (U//FOUO) We assess the majority of malicious activity occurring against the US energy sector is low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, is financially or ideologically motivated, and is not meant to be destructive. (U//FOUO) We assess that imprecise use of the term โ€œcyber attackโ€ in open source media reporting and throughout the private sector has led to misperceptions about the cyber threat to the US energy sector. (U//FOUO) Advanced Persistent Threat Actors Not Likely To Conduct Damaging or Disruptive Attack (U//FOUO) We assess the threat of a damaging or disruptive cyber attack against the US energy sector is low. We judge APT nation-state cyber actors are targeting US energy sector enterprise networks primarily to conduct cyber espionage. The APT activity directed against sector ICS networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States. (U) Scope (U//FOUO) This Assessment establishes a baseline analysis of cyber threats to the US energy sector based on comprehensive FY 2014 incident reporting data compiled by ICS-CERT, as well as reporting by the Intelligence Community (IC), private sector cybersecurity industry, and open source media between early 2011 and January 2016. This Assessment is designed to help close gaps between the private sectorโ€™s and the ICโ€™s understanding of current cyber threats facing the US energy sector. Critical infrastructure owners and operators can use this analysis to better understand cyber threats facing the US energy sector and help focus defensive strategies and operations to mitigate these threats. The Assessment does not include an in-depth analysis of foreign cyber doctrines or nation-state red lines for conducting cyber attacks against the United States. The information cutoff date for this Assessment is January 2016. (U) Industrial Control Systems (U) ICS are computers that control real-world activity; for example, ICS are used to run power plants, manufacturing assembly lines, commercial air conditioning systems, and building elevators.
  • 3. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 2 of 7 ยป (U//FOUO) APT actors were responsible for at least 17 intrusions against the US energy sector in FY 2014, according to ICS-CERT incident report dataโ€”the last full year for which this data was available.1 Included in these intrusions are incidents of data theft from enterprise networks and accessing and maintaining presence on ICS. APT actors did not cause any damage or disruption in any of the 17 reported incidents, according to the same ICS-CERT incident report data.2 ยป (U//FOUO) ICS-CERT in late 2014 became aware of an ongoing campaign, dating to 2011, targeting ICS devices worldwide using Havex malware, according to ICS-CERT alerts and cybersecurity industry analysis.3,4,5,6 This activity is attributed to suspected Russian state-sponsored actors according to cybersecurity industry analysis.7,8 ยป (U//FOUO) APT actors in FY 2014 were responsible for two confirmed intrusions into US petroleum organizationsโ€™ enterprise networks, and are suspected of exfiltrating data in at least one case, according to ICS-CERT incident report data.11 (U//FOUO) Low-level Cybercrime Predominant Activity Against US Energy Sector (U//FOUO) We assess the majority of malicious activity occurring against the energy sector is low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, is financially or ideologically motivated, and is not meant to be destructive. Low-level activity such as that by cybercriminals or criminal hackers is less likely to be reported to ICS-CERT, as the organizations themselves may be able to handle the incidentโ€”meaning the number of low-level cybercrime incidents is probably much higher. Low-level cybercrime incidents cost the energy sector billions of dollars in cybersecurity spending and insurance coverage against cyber attacks.16 ยป (U//FOUO) Of the cyber incidents against the US energy sector reported to ICS-CERT in FY 2014, 63 percent involved unattributed, low-level activity against enterprise networksโ€”for which we have insufficient information to provide definitive attribution.17 We assess these incidents likely were conducted by cybercriminals, criminal hackers, unknown actors, and insiders. In addition, many of these incidents were handled independently of ICS-CERT, either by the victim organizations themselves or by third-party consultants. ยป (U//FOUO) Unknown actors in FY 2014 used the Bang distributed denial-of-service (DDoS) malware to infect at least four US electricity organizations, according to ICS-CERT incident report data.18 DDoS malware is typically spread by targeting vulnerabilities rather than specific organizations, indicating the electricity organizations probably were not targeted specifically. ยป (U//FOUO) Cybercriminals in FY 2014 used Cryptolocker ransomware to infect three US energy organizations, according to ICS-CERT incident report data.19 Cryptolocker encrypts the victimโ€™s data so it can no longer be accessed (U//FOUO) Havex Malware (U//FOUO) Havex is a malware tool likely developed by Russian state-sponsored cyber actors. Its main function is to gather system information, but it also can run specialized plug-ins for additional capabilities.9,10 (U) Ukraine Power Outage (U//FOUO) Open source media and various US cybersecurity threat intelligence companies have claimed that at least six Ukrainian regional power providers in late December suffered a cyber attack causing the loss of power for more than 80,000 customers for up to six hours12,13 Due to limited authoritative reporting, I&A is unable to confirm the event was triggered by cyber means. While not independently confirmed as the cause of the outage, malware provided by Kyiv indicates the presence of a variant of an ICS-specific malware on the energy providerโ€™s systems, according to ICS-CERT analysis.14 The variant provided by the Ukrainian Government has the capability to enable remote access and delete computer content, including system drives.15 I&A cannot attribute this operation to any specific cyber actor, but the attacks are consistent with our understanding of Moscowโ€™s capability and intent, including observations of cyber operations during regional tensions. This incident does not represent an increase in the threat of a disruptive or destructive attack on US energy infrastructure, which I&A assesses is low.
  • 4. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 3 of 7 without a passkey, which only the cybercriminal possesses. To recover the data, the victim must pay a ransomโ€” usually in bitcoinsโ€”to the cybercriminal. ยป (U) Unidentified cybercriminals in May 2013 compromised the payroll login credentials of a North Carolina fuel distribution company, and during the course of five days stole more than $800,000 before the theft was noticed, according to a well-known cybersecurity media outlet.20 (U//FOUO) Misperceptions about Cyber Threats in the Energy Sector (U//FOUO) We assess imprecise use of the term โ€œcyber attackโ€ in open source media reporting and throughout the private sector has led to misperceptions about the cyber threat to the US energy sector. The term โ€œcyber attackโ€ is frequently used to refer to any cyber incident directed against the US energy sector. This overuse of the term โ€œcyber attackโ€ creates an unnecessarily alarmist general view of the threat to the sector. โ€œCyber attackโ€โ€”which should denote intent to cause denial, disruption, destruction, or other negative effectsโ€”is frequently used in the private sector to describe cyber espionage, and even low-level, untargeted incidents of cybercrime. Overuse of the term โ€œcyber attack,โ€ risks โ€œalarm fatigue,โ€ which could lead to longer response times or to missing important incidents.* ยป (U//FOUO) A major media outlet reported in December 2014 that the nationโ€™s energy grid is constantly under โ€œattackโ€ by hackers. The article makes this claim by drawing on an ICS-CERT statement regarding the number of incidents it responded to in FY 2014.21 In fact, none of these events were properly considered attacks because no disruption, denial, or destruction occurred; rather, these events are more correctly described as espionage or some other activity. The only two incidents that resulted in damage or disruption to the victimโ€™s systems were self-inflictedโ€”caused by accidental misconfiguration, according to DHS incident report data.22 ยป (U//FOUO) Another major media outlet in November 2014 published an article speculating that China could shut down the US electric power grid through a cyber attack, but the article offered no concrete evidence to support this claim.23 According to all sources of information available to the IC, ICS-CERT, and the private sector, there have been no damaging or destructive attacks against the US energy sector. We also have no reporting that Chinese cyber actors have ever accessed the ICS components of any US energy sector entity. (U) Mitigation Measures (U//FOUO) Regardless whether adversarial APT actors intend to conduct damaging attacks against the US energy sector, it is clear that the sector is vulnerable to low-level cybercrime and sophisticated state-sponsored APT activity. In properly segmented networksโ€”where ICS components are not directly connected to the Internetโ€”the enterprise network is often the entry point for targeted and untargeted malicious activity against ICS components. Energy sector asset owners and operators can reduce the risk of malicious activity reaching ICS components by better protecting and securing their enterprise networks. Four relatively simple tactics could result in a significant decrease in compromises: implementing up-to-date e-mail filters; keeping antivirus definitions current; keeping software patches current; and continually training users. * (U) Alarm fatigue occurs when one is exposed to a large number of frequent alarms and consequently becomes desensitized to them. Desensitization can lead to longer response times or to missing important alarms.
  • 5. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 4 of 7 (U) Appendix A: ICS-CERT and US-CERT Publications (U//FOUO) ICS-CERT works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the IC and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector computer emergency response teams to share control systems-related security incidents and mitigation measures. ICS-CERT distributes advisories, alerts, bulletins, and recommended practices through its website: https://ics-cert.us- cert.gov/. (U//FOUO) ICS-CERT has published ICS-TIP-12-146-01B, which provides guidance and recommended practices for intrusion detection and mitigation strategies. This technical information paper can be found at, https://ics-cert.us- cert.gov/tips/ICS-TIP-12-146-01B. (U//FOUO) Organizations should routinely evaluate how to integrate best practices into their current environments to achieve system integrity, including the assurance of software authenticity and user identity. To assist in this endeavor, US-CERT has published recommended best practices in TIP-11-075-01, which can be found at, https://www.us- cert.gov/sites/default/files/publications/TIP11-075-01.pdf. (U//FOUO) US critical infrastructure consists of the physical and cyber assets of public and private entities in several sectors, including the US energy sector. The healthy functioning of cyber assets is essential to our economy and national security. US-CERT has published a paper outlining strategic objectives to prevent cyber attacks against US critical infrastructure, reduce national vulnerability to cyber attacks, and minimize damage and recovery time from cyber attacks. This document can be found at, https://www.us-cert.gov/security-publications/national-strategy-secure-cyberspace.
  • 6. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 5 of 7 (U) Appendix B: ICS-CERT Incident Report Data (U) The below chart displays all ICS-CERTโ€™s 2014 US energy sector incident resport data by consequence and threat actors. (U) The classification of the above table is U//FOUO.24
  • 7. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 6 of 7 (U) Tracked by: HSEC-1.1, HSEC-1.6, HSEC-1.10 1 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 2 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 3 (U); DHS; ICS-CERT; โ€œICS Focused Malware (Update A)โ€; 07 JUL 2015; https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A; accessed on 08 SEP 2015. 4 (U); PC WORLD; โ€œNew Havex Malware Variants Target Industrial Control System and SCADA Usersโ€; http://www.pcworld.com/article/2367240/new-havex-malware-variants-target-industrial-control-system-and-scada-users.html; accessed on 07 JUL 2015; (U); Article. 5 (U); DHS; ICS-CERT; ICS-ALERT-14-281-01B; 21 NOV 2014; DOI UNK; (U); Ongoing Sophisticated Malware Campaign Compromising ICS; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 6 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 7 (U); PC WORLD; โ€œNew Havex Malware Variants Target Industrial Control System and SCADA Usersโ€; http://www.pcworld.com/article/2367240/new-havex-malware-variants-target-industrial-control-system-and-scada-users.html; accessed on 07 JUL 2015; (U); Article. 8 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 9 (U); Symantec; โ€œDragonfly: Energy Companies Under Sabotage Threatโ€; 2012; https://files.sans.org/summit/ics2015/PDFs/Technical_Briefing_ICSTargeted_Threats.pdf; accessed on 08 SEP 2015; (U); Briefing. 10 (U); DHS; ICS-CERT; โ€œICS Focused Malware (Update A)โ€; 07 JUL 2015; https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A; accessed on 08 SEP 2015. 11 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 12 (U); iSight Partners; 15-00014822; 30 DEC 2015, Version 2; (U); Power Outage by Cyber Attack on Energy Control Systems in Several Regions of Ukraine; (U); Cybersecurity industry report. 13 (U); Eduard Kovacs; Security Weekly; โ€œUkrain Accuses Russia of Hacking Power Companiesโ€; www.securityweek.com/ukraine-accuses- russia-hacking-power-companies; (U); Article. (U) Source Summary Statement (U) This Assessment is based on ICS-CERT incident reporting data and information self-reported to ICS-CERT by victim organizations from Fiscal Year 2014โ€”the last full year for which incident reporting data was available. This Assessment is also supported by information from reputable cybersecurity firms and the US media. We have high confidence in the accuracy and reliability of the ICS-CERT data, but acknowledge that newer ICS-CERT data might change our assessment. We also have high confidence in the reporting from reputable cybersecurity firms. Although the media reporting corroborates other reporting, this information may be intended to influence as well as inform, giving us medium confidence in this information. While we have high to medium confidence in the accuracy and reliability of these sources, our overall confidence in this assessment is medium because of the lack of data that would provide a comprehensive understanding of all malicious cyber incidents affecting the US energy sector. (U) Reporting Computer Security Incidents (U) To report a computer security incident, either contact US-CERT at 888-282-0870, or go to https://forms.us- cert.gov/report/ and complete the US-CERT Incident Reporting System form. The US-CERT Incident Reporting System provides a secure, web-enabled means of reporting computer security incidents to US-CERT. An incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. In general, types of activity commonly recognized as violating typical security policies include attempts (either failed or successful) to gain unauthorized access to a system or its data, including personally identifiable information; unwanted disruption or denial of service; the unauthorized use of a system for processing or storing data; and changes to system hardware, firmware, or software without the ownerโ€™s knowledge, instruction, or consent.
  • 8. U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y U N C L A S S I F I E D / / F O R O F F I C I A L U S E O N L Y Page 7 of 7 14 (U); DHS; I&A Intelligence Analyst; Meeting; 04 JAN 2016; DOI UNK; (U); Meeting with ICS-CERT and E-ISAC; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 15 (U); DHS; I&A Intelligence Analyst; Meeting; 04 JAN 2016; DOI UNK; (U); Meeting with ICS-CERT and E-ISAC; Extracted information is UNCLASSIFIED; Overall document classification is UNCLASSIFIED. 16 (U); Fortune; โ€œLloydโ€™s CEO: Cyber Attacks Cost Companies $400 Billion Every Yearโ€; 23 JAN 2015; http://fortune.com/2015/01/23/cyber attack-insurance-lloyds/; accessed on 21 SEP 2015; (U); Article. 17 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 18 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 19 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall classification is S//NF. 20 (U); Krebs on Security; โ€œNC Fuel Distributor Hit by $800,000 Cyberheistโ€; 23 MAY 2013; http://www.krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/; accessed on 11 SEP 2015; (U); Blog. 21 (U); CNN; โ€œHackers attacked the U.S. energy grid 79 times this yearโ€; 29 DEC 2014; http://money.cnn.com/2014/11/18/technology/security/energy-grid-hack/; accessed on 8 SEP 2015; (U); Article. 22 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF. 23 (U); Forbes; โ€œChinese Cyber Attack Could Shut Down U.S. Electric Power Gridโ€; 28 NOV 2014; http://www.forbes.com/sites/robertlenzner/2014/11/28/chinese-cyber attack-could-shut-down-u-s-electric-power-grid/; accessed on 8 SEP 2015; (U); Article. 24 (U//FOUO); DHS; ICS-CERT; REPORT NO. UNK; FEB 2015; DOI 01 OCT 2013 โ€“ 30 SEP 2014; (U//FOUO); Fiscal Year 2014 Incident Response Data; Extracted information is U//FOUO; Overall document classification is S//NF.