This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Loss of Availability

From attackics
(Redirected from Loss of Availability)
Jump to navigation Jump to search

To visit this technique’s new page please go to and update your links to https://attack.mitre.org/techniques/T0826

Loss of Availability
Technique
ID T0826
Tactic Impact

Description

Adversaries may attempt to disrupt essential components or systems to prevent owner and operator from delivering products or services.123

Adversaries may leverage malware to delete or encrypt critical data on HMIs, workstations, or databases.

In the 2021 Colonial Pipeline ransomware incident, pipeline operations were temporally halted on May 7th and were not fully restarted until May 12th.4


Procedure Examples

  • A Conficker infection at a nuclear power plant forced the facility to temporarily shutdown.5

Mitigations

  • Out-of-Band Communications Channel - Provide operators with redundant, out-of-band communication to support monitoring and control of the operational processes, especially when recovering from a network outage 6. Out-of-band communication should utilize diverse systems and technologies to minimize common failure modes and vulnerabilities within the communications infrastructure. For example, wireless networks (e.g., 3G, 4G) can be used to provide diverse and redundant delivery of data.
  • Redundancy of Service - Hot-standbys in diverse locations can ensure continued operations if the primarily system is compromised or unavailable. At the network layer, protocols such as the Parallel Redundancy Protocol can be used to simultaneously use redundant and diverse communication over a local network.7
  • Data Backup - Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise. Maintain and exercise incident response plans 8, including the management of "gold-copy" back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.


References

  1. ^  Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November 4, 2019.
  2. ^  Michael J. Assante and Robert M. Lee. (n.d.). The Industrial Control System Cyber Kill Chain. Retrieved November 4, 2019.
  3. ^  Tyson Macaulay. (n.d.). RIoT Control: Understanding and Managing Risks and the Internet of Things. Retrieved November 4, 2019.
  4. ^  Colonial Pipeline Company. (2021, May). Media Statement Update: Colonial Pipeline System Disruption. Retrieved October 8, 2021.
  1. ^  Catalin Cimpanu. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved October 14, 2019.
  2. ^  National Institute of Standards and Technology. (2013, April). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved September 17, 2020.
  3. ^  M. Rentschler and H. Heine. (n.d.). The Parallel Redundancy Protocol for industrial IP networks. Retrieved September 25, 2020.
  4. ^  Department of Homeland Security. (2009, October). Developing an Industrial Control Systems Cybersecurity Incident Response Capability. Retrieved September 17, 2020.



v · d · e
Adversary Techniques
Initial Access
Execution
Persistence
Evasion
Discovery
Lateral Movement
Collection
Inhibit Response Function
Impair Process Control
Impact


Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Technique/T0826&oldid=9599"