SANS Industrial Control Systems Security Blog: Category - ukraine

One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry.

Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP

Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015, there were a number of public statements and discussions asking …


Pictures and Theories May Help, but Data Will Set Us Free

This blog post was written by Tim Conway, SANS Technical Director - ICS/SCADA Programs. In reviewing the open source information available on the most recent Ukraine activity, I have seen numerous references to either a device failure or a cyber-attack as being the leading theories behind the recent electric system event. As the asset owner …


How do you say Ground Hog Day in Ukrainian?

This post was written by Michael J. Assante, SANS ICS/SCADA Lead, and Tim Conway, SANS Technical Director - ICS/SCADA Programs. Around this same time last year, as many of us were preparing to enjoy our winter holidays with family and friends, exchanging gifts and eating entirely too much food, the cybersecurity community began learning of …


Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped

With the recent release of the E-ISAC and SANS ICS Defense Use Case (DUC) #5 which analyzed the cyber-attack that impacted Ukraine on December 23, 2015, I wondered how NERC CIP might have helped. I want to preface this analysis with acknowledgement that the Ukrainian event was wholly contained at the distribution level of their …


E-ISAC and SANS Report On The Ukrainian Grid Attack

Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons can be learned from the event. The unprecedented cyber-induced power disruption provides an opportunity for US electric grid asset owners and …