Insight
The Rise of Industrial Cyber Attacks
By ian bramson, global Head of industrial Cybersecurity
Recently, a surge of ransomware attacks has crippled critical American infrastructure, disrupted major supply chains and revealed that no firm—big or small—is safe from these duplicitous cyber attacks.
Recent Cyber Attacks in the News
Colonial Pipeline
One of the nation’s largest pipelines, Colonial Pipeline, was forced to shut down after being hit by the cyber criminal group, DarkSide. In an effort to contain the breach, Colonial Pipeline was forced to shut down its 5,500 miles of pipeline, which carries 45 percent of the East Coast’s fuel supplies. A ransom payment of $4.4 million was made to DarkSide as executives were unsure how badly the cyberattack had encroached on its systems, and consequently, how long it would take to bring the pipeline back online. Once they received the payment, the hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network.
JBS USA
The world's largest beef supplier, JBS USA Holdings, Inc. (JBS), has also been hit with a ransomware attack, threatening the U.S. meat supply. The company maintains 11 beef processing facilities in Australia and 26 chicken processing plants in the U.S. With this hack coming less than four weeks after the Colonial Pipeline cyber attack, the company was forced to take systems offline. The Federal Bureau of Investigation (FBI) continues to work diligently to bring the threat actors known as “REvil” or “Sodinokibi” to justice. Ultimately, even with the majority of operations back up and running, JBS paid an $11 million ransom to the cyber criminals.
Water Treatment Plants
Earlier this year, hackers used remote access software to elevate the amount of sodium hydroxide (lye) at a local water plant in Oldsmar, Florida. The attack was stopped before the water levels changed, saving the community from dangerous exposure. In addition, recent reports announced that another water-related breach took place in January in the San Francisco Bay Area. The ongoing investigation states that programs used to treat the facility's drinking water were deleted, with the hack going unnoticed for a full day.
Is this the new normal? That’s the question business leaders have. No industry is safe in a world where connectivity drives business.
These cyber attacks have far-reaching implications not only in the oil and gas market but across several industries, including chemicals, marine, offshore, power and energy and industrial manufacturing, among others. These strategic attacks are an example of how cyber criminals can swiftly disable operations and negatively impact businesses, the public and a Nation’s economy.
Recent Cyber Updates and Policies
- President Biden signed an Executive Order to improve cybersecurity that stated, "The private sector must adapt to the continuously changing threat environment."
- The Transportation Security Administration (TSA) announced a new policy that requires pipeline operators to report cyber attacks to the federal government within 12 hours.
- The White House released a memo to corporate executives and business leaders urging them to take immediate steps to protect against ransomware risks.
- The U.S. Department of Justice announced it will give ransomware attack investigations the same priority as terrorism attacks.
How Market Changes are Increasing Vulnerability
Organizations are facing increasing operational risks as cyber threat actors shift focus from the Information Technology (IT) networks that run business systems to the Operational Technology (OT) networks that control industrial operations. The next step for industrial companies is to proactively prevent operational disruptions that could impact our critical infrastructure. Don't join the list of organizations that don’t realize that they have been hacked until it’s too late.
Three (3) Fundamental Shifts
First, cyber criminals have begun to move their attacks from traditional IT networks – those made up of the servers, computers and mobile devices that enable business operations – to OT targets, which are the machines, systems and networks that are directly used at facilities, vessels, plants and in operations. Essentially, these are physical infrastructures and digital inputs that are integral to sustaining operations and business.
OT is a new kind of prize for cyber attackers. Instead of stealing and manipulating data, cyber attackers now want to take direct control of your operations. This includes shutting down, over-speeding, overloading and disrupting networks, systems and equipment fundamental for your daily operations. When exploits occur at any point on the OT network, threats can easily spread to other devices in the system. Industrial cybersecurity is now an operational and safety risk.
Second, many organizations are embracing the digitalization of their operations. Digitalization promises significant increases in efficiency and profitability through the modernization of technology, advanced analytics and automation. Although it represents a competitive advantage in the market, it also brings new cyber risks. Connectivity increases as more sensors, devices and the Industrial Internet of Things (IIoT) are added to the operational network. This expands the potential points of exploitation for attackers.
Third, cyber attackers are realizing that OT systems present the ability to have critical impacts. They can expand from not only stealing, disrupting and destroying data, to directly impacting critical operations and safety. These not only raise the profile of their attacks but increase the profitability and value of their exploitations.
Cyber Hygiene: Five (5) Guidelines for Your Organization
-
Take Industrial Cyber Seriously – Industrial cybersecurity is a business imperative. It is as important to your growth as any strategic investment. Make sure you have the program, investment and capabilities in place to minimize your OT cyber risk.
-
Know What to Protect – Make sure you have a robust and automated asset inventory and management system. This will let you know what you need to protect, and what systems are interconnected.
- Manage Your Vulnerabilities – Once you know what to protect, know the holes in your defenses. Prioritize those holes and close them.
- Cyber Starts at the Beginning – Cyber protection begins at the concept phase. Make sure security-by-design and supply chain risk management is a core part of your new construction and expansion.
- It’s Сòòò½ÊÓƵ Visibility and Control – Make sure you have a robust monitoring and response program. Without these, you’re flying blind.
- Find the Right Partner – Industrial cyber maintenance and protection is a challenge. It takes domain expertise and a solution built specifically for the OT environment. OT cyber is likely not your core business. Find a partner who has the experience and expertise in OT cyber to minimize your risk.