Difference between revisions of "Scenario 03: Cyber operation against the power grid"

Jump to navigation Jump to search
m (→‎Facts: we believe it is importatn to distinguish beween critical and non-critical systems in company X, hence the change.)
=== Facts ===
Government-owned company X is responsible for the distribution of electricity across a large part of the territory of State A. Accordingly, its infrastructure has been designated as part of “critical national infrastructure” by the domestic law. Parts of the information infrastructure of company X are used to control critical operations, other parts serve to perform administrative functions unrelated to critical operations.
Delivery of computers procured as part of the modernisation of the [[Glossary|industrial control systems (ICS)]] used by company X is, unbeknownst to either of the contractual parties, compromised by hackers who succeed in installing concealed remote-control equipment in the computers in question. Once the computers are integrated in the ICS, the hackers are able to remotely monitor the activities in the technical control centre and to assume control over the infrastructure of company X without the staff knowing.