Addressing Cyber and Production Risk in OT Environments

January 10, 2022

  • Ransomware affects IT and OT environments differently, but modern attacks can begin in an organization’s IT environment and then pivot to OT resources.
  • The dearth of cybersecurity skills in OT environments complicates the task of protecting them.
  • There are things OT operations can do, however. In this guest post, TripWire’s Richard Springer discusses the challenge and offers useful suggestions.

 


 

Ransomware affects information technology (IT) and operational technology (OT) environments differently. An attack against the former can bring down operating systems and applications in the organization, disrupting enterprise or IT operations. But an attack against OT environments can bring down critical infrastructure systems that uphold public safety and national security. The problem is that many modern ransomware attacks can begin in an organization’s IT environment and then pivot to OT resources, potentially undermining production as well as the physical safety of customers.

 

 

So, Organizations Can Just Defend Against OT Attacks, Right?

Not exactly. It’s not always easy for organizations to safeguard their OT environments. That’s because there are certain challenges still confronting OT threat detection. As an example, there’s a dearth of cybersecurity skills in operations and manufacturing knowledge in the security operations center (SOC). These limits tie into a shortage of cybersecurity skills more broadly. Approximately four-fifths (82%) of security professionals told Tripwire in 2020 that their teams were understaffed. That’s about the same proportion (85%) of respondents who said that it had become more difficult for their organization to hire skilled security professionals in the past few years – both for their enterprise and industrial environments.

 

The barriers to OT threat detection don’t end there, either. As Gaurav Pratap put it, “threats are continuously changing, and adversaries are advancing their techniques.” Such dynamism makes it difficult for organizations to maintain consistent visibility of their OT environments.

 

This explains the high-profile ransomware attacks we saw targeting critical infrastructure organizations in 2021. Let’s take a moment to look back to a few of them below:

 

  • Back in May, a ransomware group struck a pipeline company and disrupted both its IT and OT systems. The organization responded by temporarily halting operations while it remediated the attack. This disrupted the transportation of gasoline, diesel fuel and natural gas between Texas and New Jersey for about a week. Fuel prices subsequently shot up and panic buying ensued - even in locations not directly served by the company.
  • Later that same month, Bleeping Computer reported on a ransomware attack that affected the world’s largest meat producer. The incident affected some of the servers underlying the functionality of its North American and Australian IT systems. In response, the meat producer temporarily disabled all affected systems while it worked with law enforcement to recover from the attack. Ultimately, the company met the attackers’ demands, but not before meat supplies tightened and prices for pork and beef increased.
  • Several months later, a woman filed a medical malpractice lawsuit against an Alabama hospital for a security incident that occurred in 2019. At that time, the medical facility suffered a ransomware infection that encrypted files across its IT environment. According to the HIPAA Journal, the defendant took down its computer systems for eight days. It also required staff to record patient information on paper charts and to operate under other emergency protocols. During that time, the plaintiff arrived at the hospital and gave birth to her baby, but her child suffered brain damage during delivery and died nine months later. The plaintiff alleged in her lawsuit that no one informed her that the hospital’s patient care had been affected, and that her baby’s death could have been prevented had this vital information been available at the time.

 

 

How to Protect OT Environments Against Ransomware

Fortunately, organizations can protect their OT environments against ransomware. Perhaps the most important step is to recognize the importance of OT cybersecurity and make it a priority. From there, organizations can translate that interest into meaningful action.

 

First, they need to make sure that their employees have a fundamental understanding of the digital threats confronting them. Organizations can use security awareness training as an opportunity to familiarize their employees with their security policies.

 

Second, organizations must implement security best practices such as multi-factor authentication (MFA) and network segmentation. Both these security controls can help limit the damage an attack can cause if it succeeds in stealing a legitimate set of credentials or establishing a foothold on an endpoint. Organizations can also look to industry-specific best practices to safeguard their OT systems even further.

 

Finally, they should consider working with a trusted vendor that has a track record of helping customers gain visibility into their industrial networks.

Richard Springer
Director of Industrial Cybersecurity Business Strategy and Development | Tripwire
Rich Springer joined Tripwire in early 2019. He provides a strong operational (OT) and SCADA background across several industries, including Energy, Semiconductors and the nuclear Navy. Rich is excited to build and employ cyber security solutions for Industrial customers where many are just starting their cybersecurity journey.

Optiv Security: Secure greatness.™

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.