In February, ICS-CERT (the Industrial Control Systems Cyber Emergency Response Team) received a report from a gas compressor station owner about an increase in brute force attempts to access its process control network. Once other critical infrastructure asset owners were notified, it was discovered that similar brute force attempts had also occurred. Natural gas compressor stations are a key component in moving gas through pipelines across the country. They have internet-facing control systems, used mainly by the natural gas industry. Attacks against gas compressor stations are further evidence that attackers are increasingly targeting critical infrastructure systems. http://alrt.co/12m3hrd
Takeaway: According to the ICS-CERT Monitor, in many cases the incident analysis was inconclusive because of limited or non-existent logging and forensic data from the ICS network. The ability to detect anomalous network activity and network intrusions early in an incident greatly increases the chance of a successful mitigation and resolution. Solutions like log management and intrusion detection, along with managed services, are ideal components for securing such an ICS.