This blog is a summary of the Dragos North American Electric Cyber Threat Perspective. Read the full perspective here.
Attacks on electric systems – like attacks on other critical infrastructure sectors – can further an adversary’s criminal, political, or economic goals. As adversaries and their sponsors invest more effort and money into developing effects-based operational outcomes, the risk of a disruptive or destructive attack on the electric sector – including in North America – significantly increases.
Today Dragos released a new report: The North American Electric Cyber Threat Perspective. The information in this report is based on Dragos’ ICS-specific threat intelligence, global Platform telemetry, and service engagements, and it provides an overview of threats to electric and other critical infrastructure sectors in North America. Threats to this sector are growing: this year Dragos identified two groups, MAGNALLIUM and XENOTIME, that expanded their targeting from oil and gas to include electric in North America. This underscores a trend we observe among adversaries targeting industrial entities: threats expanding from single-vertical ICS operations to multi-vertical ICS operations.
Additionally, supply chain and third-party compromise remain a real and present risk and a significant threat to this sector, as does adversaries' exploitation of remote connectivity services used by organizations like vendors or contractors. PARISITE, for instance – a new activity group Dragos identified in 2019 – largely focuses on exploiting vulnerabilities in virtual private network (VPN) appliances to gain initial access to target ICS networks.
The complete “energy infrastructure sector” (e.g., electric, oil and gas, etc.) of all countries is at risk as companies and utilities face multiple well-resourced ICS-focused adversaries. Cyberattacks in the energy domain are an increasingly used means of projecting both symmetric and asymmetric power.
The report provides a comprehensive look at threats to the North American electric sector and offers numerous defensive recommendations that asset owners and operators can implement to combat observed threats.