critical infrastructures brochure
TRANSCRIPT
LightSEC™
Until recently, Cyber attacks were aimed at Service Providers and Enterprises. The agenda was mostly
economic – to hurt customers and ruin reputations. An infrastructure with such vulnerability also places their
customers’ valuable data at risk. Today, the situation is even more severe. Critical infrastructures are now the
preferred target for cyber terrorists who want to wage war within the comfort of their homes. If not addressed
properly, the massive increase in such attacks will reach new peaks, with catastrophic consequences.
As 225,000 Ukrainians were getting ready to celebrate Christmas this past December, an orchestrated attack
to the power utility took cyber warfare to the next level, causing a blackout across a large portion of the
country. Disregarding the cleverness of the operation, it was a really a simple exploitation of naïve employees,
combined with an inadequate security solution, allowing a group of Russian (allegedly) cyber terrorists to
paralyze three power companies.
Let’s put aside the question of who is to blame and what their motives were for the moment. Enough has been
already studied, analyzed, and written about what is widely considered the first known power outage cyber-
attack in the world. It is far more important to understand how it was executed and how to prevent recurrence.
Ultimately, it was a well-coordinated attack, remotely switching circuit breakers to cut off the power, backed
up by installed malware to prevent technicians from detecting the attack. And it worked. This was the first
cyber-attack on an electric utility that actually took out a power grid. To top it off, the attack also prevented
customer service phones from reaching the call center by spamming them, thus blocking all communication
with anxious customers.
THE HOTTEST NEW CYBER WAR ZONE
CRITICAL INFRASTRUCTURES
ON THE CROSSHAIRS
The Ukraine electricity cyber attack was the ‘opening shot’ for cyber warfare targeting critical infrastructures.
The frequency of these types of attacks emphasizes the need for a comprehensive solution to prevent severe damage.
THE AFTERMATH
DON’T BE THE NEXT VICTIM
To call it an organized attack is an understatement. Phishing emails to Ukraine’s power utility company employees were
sent six months prior to the attack. The emails contained official-looking Microsoft Word documents. When opened,
they installed malware on Ukraine power company workstations. The attacks were cleverly synchronized, occurring in
30 minute intervals, and impacted multiple central and regional facilities.
Now that the first round is over, and the warning is understood, we are doubly wary, and motivated to raise our defenses
against such attempts, especially those of us with more modern computerized grids or any other utility, for that matter.
In this day and age, utility downtime can be just as threatening as a military attack, with all its repercussions.
ECI’s LightSEC cyber security products offer comprehensive security solutions for the Critical Infrastructure
community. As you would expect, this includes encryption, firewall, DPI, VPN, SCADA protection, network anomaly
detection, big data cyber analytics, DDOS protection, strong authentication, and more.
ABOUT ECI
ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along with
its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-to-end
network management, a comprehensive cyber security solution, and a range of professional services. ECI's ELASTIC
solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of choosing a
network that can be tailor-made to their needs today – while being flexible enough to evolve with the changing needs
of tomorrow. For more information, visit us at w w w.e c i t e l e .c o m
Contact your ECI rep TODAY about protecting YOUR infrastructure!
Co
py
righ
t © 2
016
EC
I. All rig
hts re
se
rve
d. In
form
atio
n in
this d
oc
um
en
t is su
bje
ct to
ch
an
ge
with
ou
t no
tice
. EC
I assu
me
s no
resp
on
sib
ility fo
r an
y e
rrors th
at m
ay a
pp
ea
r in th
is do
cu
me
nt.