Andrea Carcano, co-founder and chief product officer for Nozomi Networks, an ICS security company based in San Francisco, said “the protocol communication used by CrashOverride is not a flaw per se.”

“The threat actor merely used legitimate commands to send incorrect directions to the substation control units,” Carcano told SearchSecurity. “Once CrashOverride was able to penetrate the plant network, the communications it sent on the network were all using industrial protocols as they are intended to be used.”
