Discover and read the best of Twitter Threads about #TRISIS

Most recents (2)

Now that I've had some distance from the analysis of #PIPEDREAM, I've been thinking a lot about knowledge gain, across #CRASHOVERRIDE, #TRISIS, and PIPEDREAM. Here's a quick summary of how I'm seeing the advancement of knowledge by adversaries seeking to impact ICS. (1/13)
2016, #CRASHOVERRIDE impacts a substation in UKRAINE. The toolkit encompassed 4 protocols: IEC101, IEC 104, 61850/MMS, and OPC-DA, capable of targeting breakers and switchgear that use those protocols, along with a custom DOS utility targeting a Siemens SIPROTEC relay. (2/13)
#CRASHOVERRIDE demonstrated a breadth of protocol knowledge with a lack of depth. (Aside: I only analyzed the 61850, and OPC modules along with the Siprotec stuff). These modules were sloppily put together. (3/13)
Read 14 tweets
Today at #S4x19, @electricfork and I debated different sides of "if OT tools and talent are needed to detect attacks on ICS." Some thoughts on ICS attacks and #TRITON in a tweep thread.
For the debate, I'm not convinced either way because there are few *public* intrusion data sets for either side of the argument. I think peeps are over it now, maybe no point to sharing this, but to get the convo started let's dump/share some rando #TRITON #TRISIS TTPs.
.@FireEye blogged/presented about #TRITON and some of the incident response activities in depth by @voteblake and friends in late 2017, fireeye.com/blog/threat-re… and
Read 25 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!