kdw
Joined: 05 May 2006 Posts: 1481
Posted: 26.11.2017, 18:33 Post subject: VPP Cybersecurity …
Hi Forum.
The most critical point to watch is cybersecurity. VHPready uses closed user groups and TLS-based VPNs as security components. But the VHPready control center runs Windows-based PCs or servers. And this hardware was the weak point for the cyberattack against the Ukraine power grid.
See also: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01
The Ukraine power grid attack was named “SandWorm” and worked with the help of the Windows OLE package manager and remote code execution. The malicious code was distributed over PPT files.
See also https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114
As a VPP operator, please make sure that there is 100% secured network isolation between your Windows boxes and the VHPready distributed devices within the field. Use next-generation firewalls (NGFW) with deep-packet inspection (DPI) and anomaly-based intrusion detection.
Regards KDW