The wider Industry 4.0 revolution has led industrial operational technology (OT) systems, which traditionally operated in isolation, to be connected to the Internet. The connections can be simple, such as the addition of Internet-connected sensors to monitor things like vibration and temperature to provide pre-emptive failure notifications. Alternatively, the connection can be used to open up remote access to enable monitoring and maintenance without having to be physically on-site. There are many other reasons for connecting OT systems to the Internet, including the full integration of Industrial Control Systems (ICS) and Programmable Logic Controllers (PLCs) into overarching Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).
Like any other system that is online and reachable via the Internet, industrial OT systems need to be protected. The protection of these vital industrial systems is a specialised task. Traditionally, IT have not had anything to do with OT systems, other than providing “limited connectivity” in some cases. It is the case in many organisations where IT and Engineering are not necessarily compatible when it comes to production environments. It is often seen as the domain of Engineering where IT dearth tread. Consequently, in many cases it is fair to say IT have little knowledge of the OT systems and may not have any more knowledge of the production environment. Add to that the traditional view that OT environments didn’t require protection as no one would be interested in attacking, there was thought to be nothing of value and little, or no way to gain remote access. All of which is now no longer valid and as a result a particular set of skills is required to implement meaningful protections. Gallarus Industry Solutions has such knowledge and can ensure vital industrial OT systems are protected. Contact us to discuss your needs. Read on for more info on the type of threats that industrial systems face, and how to mitigate them.
Attackers are targeting industrial OT Infrastructure
As organisations have brought their industrial OT infrastructure online, the cybercriminals have noticed and stepped up attacks, targeting these critical and vital systems. Attacks have come from two directions. Some state-based actors are targeting industrial infrastructure for political and espionage purposes. Some examples of this include the Stuxnet worm that was designed to infect the PLCs controlling the centrifuges in Iran’s nuclear fuel enrichment project. Another example is the malware named Triton that targeted and infected a leading safety control system. The goal was to shut off the safety protection and cause the systems, that were no longer protected, to fail. If they had succeeded, this would have had life-threatening consequences. Fortunately, a flaw in the Triton design led to it being detected before it could cause catastrophic damage.
Increasingly industrial OT systems are being targeted for purely financial reasons. The most recent and high profile example was a ransomware attack on the industrial aluminium producer Norsk Hydro. In March 2019, they were attacked by cybercriminals who breached their network defences and deployed ransomware known as LockerGoga. This encrypted system files and the attackers demanded payment to decrypt the data. The attack caused significant short and medium-term disruption to the Norsk Hydro operations, but they switched to manual operations and contingency plans which allowed critical systems to continue to operate.
Norsk Hydro didn’t pay a ransom to the attackers. They engaged internal and external experts and over time restored their systems from good backups. In handling the issue, the company reported frankly and honestly about the incident and explained that it cost them at least €55 million to deal with the attack. As an industry, we should be grateful to Norsk Hydro for their openness about this incident. The threat from financially motivated attacks will only increase in the future.
Protecting industrial OT Infrastructure
Protecting industrial OT systems from attack requires a strategy that is both wide-ranging, and that dives deeply into the various components that need to be protected. This is best achieved if organisations set up multi-discipline teams that can work across boundaries to ensure proper protection and response procedures are in place. These teams need to have staff who fully understand the industrial infrastructure that is being used and which needs to be protected.
If people who understand the best way to secure industrial OT systems are not available internally, then the use of external experts is an excellent way to bridge any knowledge gaps. As mentioned above, Gallarus Industry Solutions are experts in the security of industrial systems and are ready to assist in this area.
It should be noted that the securing of industrial systems is not just a cyber issue. Adequate online protection is essential, but so is the physical security of the facilities that house the industrial equipment. As this excellent security conference talk by physical security expert Deviant Ollam shows. If malicious actors can gain physical access to your site, then the best cybersecurity in the world may not be protection enough.
Building a team with the required skills to adequately protect industrial OT systems using internal staff and resources is difficult for most organisations. The expert consultants in Gallarus Industry Solutions are available and ready to help.