The Radiflow Cyber Security Blog

 
Calculating the Cost of a Power Outage

What is the cost of a power outage caused by a cyber-attack? And how does one calculate the predicted cost? Beyond the actuarial purpose of estimating the cost of a power outage caused by a cyber-attack, the predicted cost can also inform decision makers as to the...

Analysis of the Ukrainian Outage

As the smoke starts to clear around the Ukrainian power outage–a significant case of a confirmed cyber-attack that left tens of thousands of people in the dark–more and more details are being confirmed about the chain of events that led to the outage. In this paper we...

Seeing in the Dark: ICS Network Visibility

In this post I will describe the usage of an IDS (Intrusion Detection System) tool for achieving Network Visibility in ICS networks. This post will be divided into two sections. First, I will cover the operational and security needs in Network Monitoring. Second, I’ll...

Industrial IDS Deployment

In our previous posts we discussed the various types of attacks on operational (OT) networks. We’ve also discussed the means of mitigating different types of attacks, with the exception of “In-Field” attacks. In this post we will discuss mitigating In-Field attacks...

Revealing Web-Connected Critical Devices

Background: In my last entry I briefly mentioned the reconnaissance stage in ICS attack campaigns. In this post I will present the risks involved, and I will describe one of the tools used for reconnaissance. If you read this post through, you will be able to search on your own for web-connected SCADA controllers. The […]

Yes We SCAN!

Early detection of ICS attacks decreases the probability of causing damage to the network. In this post I will focus on one of the first stages in ICS attacks, where the attacker attempts to scan the network for devices. First, I will explain the motivation behind the scanning stage, followed by a description of the scanning techniques used…

Designing an ICS Attack Platform

Early detection of ICS attacks decreases the probability of causing damage to the network. In this post I will focus on one of the first stages in ICS attacks, where the attacker attempts to scan the network for devices.

ICS Firewall Deployment

We take it as a given that it’s essential to deploy firewalls inside ICS networks. However, it is less clear why, and which properties such firewalls should have: should they be stateful? DPI? Signature-based? In this post I will try to shed some light on the topic. Consider a typical ICS network, with a main […]
