What is Operational Technology (OT)?
Operational Technology (OT) refers to the hardware and software systems that monitor and control physical processes in various industries, such as manufacturing, energy, transportation, and healthcare. OT systems are often critical for the safety, productivity, and quality of these operations, and therefore require high levels of availability, reliability, and resilience.
However, OT systems also face significant cybersecurity challenges, especially as they become more connected to IT (Information Technology) networks and the Internet. OT systems are increasingly exposed to cyber threats that can compromise their functionality, integrity, and safety, resulting in physical damage, operational disruption, financial losses, and even human casualties.
In this post, we explore some of the specific challenges of OT cyber security, give some recent real-world examples of OT cyber attacks, and outline the first steps to take with Sekuro to review your OT devices and protect them from cyber risk.
OT Cyber Security Challenges
OT systems differ from IT systems in several aspects, which pose unique challenges for cybersecurity. Some of these challenges are:
- Legacy and outdated systems: Many OT systems are decades old and were not designed with cybersecurity in mind. They often run on obsolete operating systems and software with known, unpatched vulnerabilities, and patching is frequently impossible without a production outage or vendor re-certification. They also speak industrial protocols such as Modbus and DNP3 that were designed for isolated serial networks and carry no authentication or integrity protection: any host that can reach the controller on the network can read and write its registers. Standard IT security tools rarely understand these protocols, and active scanning can crash fragile controllers.
- Lack of visibility and inventory: OT systems are often distributed across multiple sites and environments, making it difficult to maintain a complete and accurate inventory of devices, firmware versions, network connections and configurations. Without that visibility it is hard to identify and assess the vulnerabilities, risks and threats that affect OT systems, or to implement effective security measures and controls. Because active scanning is risky on OT networks, inventory usually has to be built passively, from network traffic and engineering documentation.
- IT/OT convergence and interdependencies: OT systems are increasingly connected to IT systems and the Internet, either directly or through third-party vendors and service providers. This enables data exchange, remote access, and cloud services, which can improve efficiency, performance, and innovation. However, it also creates new attack vectors and expands the attack surface, exposing OT systems to the same cyber threats that target IT systems. Furthermore, it creates interdependencies between IT and OT systems, meaning that a cyberattack on one system can have cascading effects on the other.
- Limited resources and skills: OT systems often operate in resource-constrained environments, where there is limited bandwidth, power, and computing capacity. This limits the ability to deploy security solutions that require high performance or frequent updates. Additionally, there is a shortage of skilled personnel who have both the technical and operational knowledge and experience to manage and secure OT systems. This creates a gap between the IT and OT teams, who may have different priorities, objectives, and cultures.
- Regulatory and compliance requirements: OT systems are subject to various regulatory and compliance requirements, depending on the industry and jurisdiction they operate in. These requirements may impose specific standards, guidelines, and best practices for OT security, as well as reporting and auditing obligations. Failing to comply with these requirements can result in legal penalties, reputational damage, and loss of trust and confidence.
OT Cyber Security Incidents
OT cyber security incidents are not hypothetical scenarios but real and growing threats that have already affected many organisations and sectors around the world. The following recent examples illustrate the severity and diversity of these incidents:
- Colonial Pipeline ransomware attack: In May 2021, Colonial Pipeline, operator of the largest refined-fuel pipeline in the US, was hit by DarkSide ransomware that encrypted its IT systems, including billing. The OT systems that control the pipeline were not reported to have been encrypted; the company shut the pipeline down for several days as a precaution while it confirmed the intrusion had not spread, which is itself a clear example of IT/OT interdependency. The shutdown caused fuel shortages, price spikes and panic buying across the eastern US, as well as national security concerns. The company paid a ransom of about US$4.4 million (75 bitcoin); the US Department of Justice later seized 63.7 of those bitcoin, worth roughly US$2.3 million at the time.
- Oldsmar water treatment plant hack: In February 2021, someone remotely accessed the supervisory computer of a water treatment plant in Oldsmar, Florida, and changed the sodium hydroxide (lye) dosing setpoint from about 100 ppm to 11,100 ppm, roughly 111 times the normal level. The access came through a remote-access tool (TeamViewer) installed on the plant's HMI, with a password shared by multiple users and exposed to the Internet. An operator watching the screen saw the cursor move and the setpoint change, reverted it immediately, and the plant's own process checks would have caught the change before water reached customers. Later reporting has questioned whether an outside attacker was involved at all, but the exposed remote-access tool and shared credential were real and are exactly the weaknesses an attacker would use.
- SolarWinds supply chain attack: In December 2020, it was revealed that a cyber espionage campaign had compromised the build process of SolarWinds, a US-based IT management company. The attackers inserted malicious code into signed software updates of SolarWinds Orion, a widely used network monitoring tool deployed by thousands of organisations, including government agencies and critical infrastructure operators. The backdoor gave the attackers remote access to the IT networks of selected victims, and from there potentially to OT networks that those management tools could reach. The attack was attributed to a state-sponsored actor and is considered one of the most significant software supply chain compromises to date.
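The legacy-protocol point above (industrial protocols carry no authentication) and the Oldsmar case (a single out-of-range setpoint write) share a lesson: whatever the entry point, the dangerous action is usually a plain, unauthenticated write to a controller, so the control network itself is a good place to catch it. The following is an added example, not code from the original post or from any of the organisations mentioned: a small passive monitor that parses Modbus/TCP "Write Single Register" requests and flags writes that fall outside hypothetical engineering limits or jump by an order of magnitude. The register map, limits and sample frames are all constructed for illustration; Oldsmar's HMI was reached via a remote-access tool, not via raw Modbus, and the 100 to 11,100 values are used here only to mirror the reported setpoint change.

```python
"""Passive monitor for Modbus/TCP 'Write Single Register' (function code 6).

Modbus/TCP has no authentication: a frame is an MBAP header (transaction id,
protocol id 0, length, unit id) followed by the function code and its data.
Any host that can reach TCP/502 on a controller can send one of these, so the
monitor below inspects the traffic rather than trusting the sender.
Register map, limits and sample frames are hypothetical (constructed here).
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FC_WRITE_SINGLE_REGISTER = 6
FC_READ_HOLDING_REGISTERS = 3
JUMP_FACTOR = 10  # alert if a setpoint grows by this factor or more in one write

# Hypothetical register map: holding register address -> (name, min, max)
REGISTER_LIMITS: Dict[int, Tuple[str, int, int]] = {
    40: ("naoh_dose_ppm", 50, 200),
    41: ("flow_setpoint_lpm", 0, 5000),
}


@dataclass
class WriteRequest:
    transaction_id: int
    unit_id: int
    address: int
    value: int


def parse_modbus_tcp(frame: bytes) -> Optional[WriteRequest]:
    """Parse one Modbus/TCP ADU. Return the write if it is FC6, None for
    other function codes; raise ValueError for malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected MBAP protocol id {pid}")
    # MBAP length counts everything after itself: unit id + PDU
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    if fc != FC_WRITE_SINGLE_REGISTER:
        return None
    if len(frame) != 12:
        raise ValueError("FC6 request must be exactly 12 bytes")
    address, value = struct.unpack(">HH", frame[8:12])
    return WriteRequest(tid, unit, address, value)


def check_write(req: WriteRequest, last_values: Dict[int, int]) -> List[str]:
    """Return alert strings for one write and record it in last_values."""
    alerts: List[str] = []
    entry = REGISTER_LIMITS.get(req.address)
    if entry is None:
        alerts.append(f"write to unmapped register {req.address}")
        return alerts
    name, lo, hi = entry
    if not lo <= req.value <= hi:
        alerts.append(f"{name}: {req.value} outside engineering limits [{lo}, {hi}]")
    prev = last_values.get(req.address)
    if prev is not None and prev > 0 and req.value >= JUMP_FACTOR * prev:
        alerts.append(f"{name}: jump from {prev} to {req.value} (>= {JUMP_FACTOR}x)")
    last_values[req.address] = req.value
    return alerts


def build_fc6(tid: int, unit: int, address: int, value: int) -> bytes:
    """Build a Write Single Register request; used only to construct sample traffic."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, FC_WRITE_SINGLE_REGISTER, address, value)


# Constructed sample traffic, as a capture on the control network might show it.
SAMPLE_FRAMES: List[bytes] = [
    build_fc6(1, 1, 40, 100),    # routine dose setpoint
    build_fc6(2, 1, 40, 11100),  # 111x jump, mirrors the reported Oldsmar values
    build_fc6(3, 1, 99, 1),      # write to a register nobody documented
    struct.pack(">HHHBBHH", 4, 0, 6, 1, FC_READ_HOLDING_REGISTERS, 40, 1),  # a read, ignored
]


def run_monitor(frames: List[bytes]) -> List[Tuple[int, str]]:
    """Feed frames through the parser and checks; return (transaction id, alert) pairs."""
    last_values: Dict[int, int] = {}
    findings: List[Tuple[int, str]] = []
    for frame in frames:
        req = parse_modbus_tcp(frame)
        if req is None:
            continue
        for alert in check_write(req, last_values):
            findings.append((req.transaction_id, alert))
    return findings


if __name__ == "__main__":
    for tid, alert in run_monitor(SAMPLE_FRAMES):
        print(f"transaction {tid}: {alert}")
```

The monitor is deliberately passive (it reads a copy of the traffic and never sends anything to the controller), which is the only safe way to add detection to controllers that cannot be patched or scanned. It does not replace engineering limits configured in the controller or HMI; it catches the case where those limits are missing or were changed along with the setpoint.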
OT Cyber Security Incidents in Australia
Here are some examples from Australia:
- Nyrstar cyber attack: In January 2019, Nyrstar, the global metals producer that operates the Port Pirie smelter in South Australia, was hit by a cyber attack that took down IT systems across the group, including email. The company stated that operations at its mining and smelting sites were not affected and that the impact was largely contained, but the incident shows how a compromise of corporate IT immediately puts the plant's ability to schedule, ship and invoice production at risk. Nyrstar did not disclose the nature of the attack, whether any ransom was demanded, or how its systems were restored.
- Toll Group cyber attacks: In 2020, Toll Group, a major logistics and transport company, suffered two separate ransomware attacks within four months. The first, in late January, encrypted systems across the company and forced it to take customer-facing platforms offline. The second, in May, was a different ransomware strain whose operators also stole corporate data, including employee details and commercial contracts, and later published some of it. Both times the company had to shut down online services and fall back to manual processes, disrupting delivery operations, customer service, and the customers and suppliers that depend on them.
- Western Power phishing campaign: In 2019, Western Power, the state-owned electricity network operator in Western Australia, was targeted by a phishing campaign aimed at gaining a foothold that could reach its OT systems. The attackers sent malicious emails to employees, posing as legitimate contractors and suppliers, to trick them into clicking links or opening attachments that carried malware. The company detected and blocked the attack and reported no impact on its power supply or network operations.
How Sekuro can help with OT Cyber Security Challenges
Sekuro is a trusted partner for OT security, offering a comprehensive and tailored solution that addresses the specific challenges and needs of OT environments.
Conclusion
OT cyber security is a vital and urgent issue that affects the safety, productivity and quality of many industries and sectors. OT systems face unique and complex challenges, from unpatchable legacy controllers and unauthenticated protocols to IT/OT interdependencies, that require specialised and holistic solutions.
Sekuro offers a comprehensive and tailored service that helps you to manage and mitigate your OT cyber security challenges. Contact us today.