This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Loss of Control
|Loss of Control|
|External Contributors||Dragos Threat Intelligence|
The German Federal Office for Information Security (BSI) reported a targeted attack on a steel mill in its 2014 IT Security Report.4 These targeted attacks affected industrial operations and resulted in breakdowns of control system components and even entire installations. As a result of these breakdowns, massive impact resulted in damage and unsafe conditions from the uncontrolled shutdown of a blast furnace.
- Industroyer's data wiper component removes the registry "image path" throughout the system and overwrites all files, rendering the system unusable.5
- Some of Norsk Hydro's production systems were impacted by a LockerGoga infection. This resulted in a loss of control which forced the company to switch to manual operations.67
- Out-of-Band Communications Channel - Provide operators with redundant, out-of-band communication to support monitoring and control of the operational processes, especially when recovering from a network outage 8. Out-of-band communication should utilize diverse systems and technologies to minimize common failure modes and vulnerabilities within the communications infrastructure. For example, wireless networks (e.g., 3G, 4G) can be used to provide diverse and redundant delivery of data.
- Redundancy of Service - Hot-standbys in diverse locations can ensure continued operations if the primarily system are compromised or unavailable. At the network layer, protocols such as the Parallel Redundancy Protocol can be used to simultaneously use redundant and diverse communication over a local network.9
- Data Backup - Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise. Maintain and exercise incident response plans 10, including the management of "gold-copy" back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.
- Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November 4, 2019.
- Michael J. Assante and Robert M. Lee. (n.d.). The Industrial Control System Cyber Kill Chain. Retrieved November 4, 2019.
- Tyson Macaulay. (n.d.). RIoT Control: Understanding and Managing Risks and the Internet of Things. Retrieved November 4, 2019.
- Bundesamt für Sicherheit in der Informationstechnik (BSI) (German Federal Office for Information Security). (2014). Die Lage der IT-Sicherheit in Deutschland 2014 (The State of IT Security in Germany). Retrieved October 30, 2019.
- Anton Cherepanov, ESET. (2017, June 12). Win32/Industroyer: A new threat for industrial control systems. Retrieved September 15, 2017.
- Kevin Beaumont. (n.d.). How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business. Retrieved October 16, 2019.
- Hydro. (n.d.). Retrieved October 16, 2019.
- National Institute of Standards and Technology. (2013, April). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved September 17, 2020.
- M. Rentschler and H. Heine. (n.d.). The Parallel Redundancy Protocol for industrial IP networks. Retrieved September 25, 2020.
- Department of Homeland Security. (2009, October). Developing an Industrial Control Systems Cybersecurity Incident Response Capability. Retrieved September 17, 2020.