Manifestation of a Threat

When an HLS Cyber Threat traverses to the physical domain

In 1995, the movie “Virtuosity” was released to the screens, starring Russell Crowe as SID 6.7, a sadistic and highly intelligent virtual entity who was able to materialize himself in human form, wreaking havoc on the city of Los Angeles in a cheesy polyester suit. Although there is slim chance of SID 6.7 leaping out of your PC any time soon, there is an alarming trend toward cyber threats that have an effect on the physical domain.

Just to put things in perspective, most cyber threats have a direct effect only on the cyber domain. This includes major identity thefts like the 2012 breach of South California state, which led to the exposure of 387,000 payment cards, the 2009 breach of the US DOD F-35 archives, and most of the data theft incidents reported in major defense industries around the globe. All of those events, no matter how significant and severe their implications, were bound and confined to the cyber domain as digital transactions and data sources.

A cyber threat can “leap” into the physical domain mainly when there is a direct machine-to-computer interface. Most of those threats are associated with critical infrastructures, in either the military or the civilian space.

The best-known cyber events in that category are APTs (Advanced Persistent Threats); the most famous one is certainly STUXNET, which had a direct physical effect on the number of operational enrichment centrifuges in the Iranian nuclear facility. The civilian domain of homeland security had its own share of physically capable cyber threats, such as the 2003 attack on US CSX train signals and the 2003 malware attack on the Davis-Besse nuclear power plant in Ohio, among others.

The latest global incident analysis shows a disturbing increase of over 800% in cyber events aimed at critical infrastructures using a threat with physical effect.

While we often tend to put price tags on cyber events to demonstrate the scope of both the direct and the collateral damage inflicted by those events, cyber threats that can manifest in the physical domain may have devastating and destructive effects, potentially even putting lives at risk, and that is one thing that no one will ever want to put a price tag on.

Figure 1: Potential Targets

There are three potential types of threats that can escalate and affect physical infrastructures:

  1. The first is a highly engineered malware, crafted specifically for this purpose. This can be part of an orchestrated APT attack or an autonomous, dedicated or “mutated” malware. One example is the “BadMiner” malware, which was engineered specifically for Bitcoin applications but can have severe consequences for an HLS system. BadMiner targets GPU (Graphical Processing Unit) resources; good luck running a CCTV-driven event when this malware hits.
  2. The second is cyber threats against strategic networks that operate significant signaling protocols, such as industrial control systems (SCADA – Supervisory Control and Data Acquisition systems), environmental and HVAC signaling systems, traffic control, surgery support systems, etc.
  3. The third threat has to do with what is commonly referred to in the industry as the “Doomsday” scenario. In this scenario a coordinated mix of cyber and physical events can lead to a devastating effect. For example, think of a scenario where the police dispatch system is hit by a DDoS attack, pushing it out of commission for a few hours, while simultaneously the triage centers of all major hospitals in a metropolitan area are hit by an engineered malware, and all of that happens during an actual bomb alert.

While handling the third scenario may require a nationwide approach, and even the support of a cyber command and supportive regulation, what is common to all three scenarios is that mitigating those threats mandates adopting new methodologies and security policies and deploying cyber defense systems. While standard security mechanisms such as network and application security solutions can be used as an enforcement layer, strategic organizations must include advanced solutions for handling stealthy, complex attacks.

Tomer Nuri

CTO

Netcom (Malam-Team Communication)