CHAPTER 6 Vulnerability and Risk Assessment

This simplified description of how Stuxnet operates highlights the following important considerations:

- The initial attack vectors leverage common enterprise hacking techniques.
- A compromised SCADA or DCS asset can be used to detect and penetrate additional industrial systems.
- Even "nonroutable" systems (such as a fieldbus consisting of PLCs and IEDs) are susceptible to infection, and can be used to penetrate even further into the industrial process.

Threat Agents

Industrial networks are different in many ways from enterprise networks, and as such they attract a different type of attacker. Who would want to deliberately breach an industrial network? An attack on an industrial network is not difficult, although it does require specialized knowledge and therefore the attacker will require more resources. There also is not an obvious benefit to attacking most industrial networks, as there might be from a financial services network or a retailer. The bad news is that there are attackers, and they fall into several distinct classes.

The Government Accountability Office (GAO) has identified several classes of attackers, or "threat agents" in DHS parlance. They include the following [18]:

- General hackers looking for individual prestige (referred to as "attackers" by the GAO, although the term "attacker" is used more generally in this book to refer to any threat)
- Botnet operators and spammers, identified as having the same skill sets as general hackers, but with the intent of further distributing spambots and other botnets
- Criminal groups looking to obtain money, either as ransom against the threat of a disruptive attack, or through direct monetary theft
- Insiders, including disgruntled employees, technology or business partners, or recently terminated employees or partners
- Phishers, treating industrial networks as another population of users susceptible to identity theft
- Spyware and malware authors
- Foreign intelligence services, as part of information gathering and espionage efforts
- Terrorists, seeking to destroy or disrupt critical infrastructures
- Industrial spies, who--much like foreign intelligence services--perform espionage, but for the purpose of acquiring intellectual property from competitive companies and/or nations

At first, the list of identified threat agents does not stand apart from what might be expected from an enterprise network attacker. However, the last three (foreign intelligence agencies, terrorists, and industrial spies) quickly put the risk of industrial network attack in perspective. Mapping the GAO's classifications to the likelihood and sophistication of an attack (as depicted in Chapter 2, "About Industrial