Loss of View
|Loss of View|
|Asset||Human-Machine Interface, Engineering Workstation|
Adversaries may cause a sustained or permanent loss of view where the ICS equipment will require local, hands-on operator intervention; for instance, a restart or manual operation. By causing a sustained reporting or visibility loss, the adversary can effectively hide the present state of operations. This loss of view can occur without affecting the physical processes themselves.123
- Industroyer's data wiper component removes the registry "image path" throughout the system and overwrites all files, rendering the system unusable.4
- KillDisk erases the master boot record (MBR) and system logs, leaving the system unusable.5
- Some of Norsk Hydro's production systems were impacted by a LockerGoga infection. This resulted in a loss of view which forced the company to switch to manual operations.67
- Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November 4, 2019.
- Michael J. Assante and Robert M. Lee. (n.d.). The Industrial Control System Cyber Kill Chain. Retrieved November 4, 2019.
- Tyson Macaulay. (n.d.). RIoT Control: Understanding and Managing Risks and the Internet of Things. Retrieved November 4, 2019.
- Anton Cherepanov, ESET. (2017, June 12). Win32/Industroyer: A new threat for industrial control systems. Retrieved September 15, 2017.