What do an oil pipeline, a water treatment plant, and a railway system have in common? They each rely on operational technology (OT) environments, and they were all victims of cyber attacks that generated headlines around the world. The Colonial Pipeline, Oldsmar water treatment plant, and Iranian Railways incidents are etched into our memories because of their real-world impact, but the headlines only tell part of the story. In each instance, there are key OT security lessons to be learned, so that other organizations can avoid repeating history.

Colonial Pipeline: A lesson in network segmentation

The Colonial Pipeline ransomware attack was one of the most significant attacks in 2021 because it caused a gasoline shortage crisis. When Colonial Pipeline CEO Joseph Blount testified before the US Congress, it was revealed that the attack was completely avoidable: Blount admitted that the hackers, the Darkside ransomware group, gained access through a VPN that did not require multifactor authentication.

Although Darkside took control of Colonial Pipeline's IT systems, network segmentation limited the impact of the attack on Colonial Pipeline's operations. Once Colonial Pipeline knew its IT operations were affected, it chose to proactively take its OT systems offline to prevent the attack from spreading.

As IT and OT networks continue to converge, organizations need to understand how these networks are connected and take the appropriate steps to protect high-risk assets. For example, there is no reason why field devices should be able to communicate with IP security cameras. With a better understanding of how IT and OT networks are connected and communicating, security teams can respond to threats more quickly. For example, the communication of programmable logic controllers (PLCs) can be analyzed at the packet level to detect anomalies or signatures of known attacks. When an incident is detected on the IT network, compromised devices should be quarantined and all communication between IT and OT should be blocked. This sort of approach requires network monitoring and enforcement tools to identify current network communications, to detect threats and violations, and to enforce segmentation rules. Detected threats can be forwarded to SIEM/SOAR systems for investigation or to trigger automated response actions.

The water treatment plant in Oldsmar, Florida: A lesson in visibility

In February, water treatment plant employees noticed on their computer screens that sodium hydroxide levels were rapidly rising. Someone had remotely accessed the system, but employees thwarted the hacker before they could move laterally into other IT infrastructure. The attack vector used in this incident was reportedly a remote connectivity tool called TeamViewer. The use of remote access has increased since the pandemic, so organizations need to ensure that only approved remote access connections are allowed, by continuously monitoring communications such as VNC, SSH, RDP, and others.

Fortunately, the Oldsmar water treatment plant was able to prevent more damage from the attack because of its alert employees, but many other OT systems in similar treatment plants may lack the visibility security teams need to identify these attacks.

As OT environments undergo digital transformation, it is imperative to maintain visibility into these networked devices. Visibility solutions can help organizations identify their assets, where they are deployed on the network, whether they are connected to the internet, and how they can be controlled. Visibility solutions can even help identify vulnerabilities, and how a malicious actor could use these vulnerabilities to disrupt operations.

Iranian Railways: A lesson in supply chain vulnerability management

In July, Iran Railways had to shut down its train system due to a hacking group named Indra infiltrating an IT system and spreading malware known as MeteorExpress. Iran has not been forthcoming about the details of this attack, leading security researchers to form their own hypotheses. Train systems rely on a variety of critical OT systems that integrate with IT systems. This includes everything from signaling solutions to sensors and brake unit devices. All are connected to the network, and many include software that enables those systems and devices to collect data and communicate it back to operations centers.
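As an added example (not code from the original post, nor from any product it describes), the following Python script applies the checks described in the Colonial Pipeline and Oldsmar sections to a handful of constructed flow records: cross-zone traffic must be explicitly allowlisted (so a PLC talking to an IP camera is flagged), VNC/SSH/RDP/TeamViewer sessions into OT zones are accepted only from an approved jump network, and an "IT incident" switch quarantines named hosts and cuts all IT/OT traffic, with each finding emitted as a JSON line that a SIEM/SOAR pipeline could ingest. The zone ranges, ports, allowlist and sample flows are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
import json

# Zone layout: constructed for this example; a real one comes from asset inventory.
ZONES = {
    "it_corp": ip_network("10.10.0.0/16"),
    "remote_jump": ip_network("10.20.5.0/24"),
    "ot_hmi": ip_network("192.168.101.0/24"),
    "ot_plc": ip_network("192.168.100.0/24"),
    "cctv": ip_network("192.168.200.0/24"),
}

# Allowlist of zone-to-zone conversations; anything else crossing zones is a violation.
ALLOWED_ZONE_FLOWS = {
    ("ot_hmi", "ot_plc"),          # operator stations poll controllers
    ("remote_jump", "ot_hmi"),     # approved remote access terminates on a jump host
    ("it_corp", "remote_jump"),    # corporate users reach OT only via the jump host
}

# Remote-access protocols to watch, keyed by default port (assumed for the example).
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}
APPROVED_REMOTE_SOURCES = [ip_network("10.20.5.0/24")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class EnforcementState:
    """Quarantined hosts plus an 'IT incident' switch that cuts IT<->OT traffic."""
    quarantined: set = field(default_factory=set)
    it_incident: bool = False


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def is_ot(zone: str) -> bool:
    return zone.startswith("ot_")


def evaluate(flow: Flow, state: EnforcementState) -> dict:
    """Return a verdict ('allow'/'block') plus the (rule, severity, detail) findings behind it."""
    sz, dz = zone_of(flow.src), zone_of(flow.dst)
    findings = []

    if flow.src in state.quarantined or flow.dst in state.quarantined:
        findings.append(("quarantined_host", "high", "endpoint is quarantined"))

    # Incident response: while an IT incident is open, nothing crosses IT<->OT.
    if state.it_incident and ((sz == "it_corp" and is_ot(dz)) or (is_ot(sz) and dz == "it_corp")):
        findings.append(("it_ot_isolation", "high", "IT/OT traffic blocked during incident"))

    # Remote access into an OT zone from anything but the approved jump network.
    if flow.dport in REMOTE_ACCESS_PORTS and is_ot(dz):
        if not any(ip_address(flow.src) in n for n in APPROVED_REMOTE_SOURCES):
            findings.append(("unapproved_remote_access", "high",
                             f"{REMOTE_ACCESS_PORTS[flow.dport]} into {dz} from {sz}"))

    # Segmentation policy: cross-zone flows must be explicitly allowed (deny by default).
    if sz != dz and (sz, dz) not in ALLOWED_ZONE_FLOWS:
        findings.append(("segmentation_violation", "medium", f"{sz} -> {dz} is not permitted"))

    return {"flow": flow, "verdict": "block" if findings else "allow", "findings": findings}


def to_siem_events(result: dict) -> list:
    """Serialize each finding as one JSON line for a SIEM/SOAR pipeline."""
    f = result["flow"]
    return [json.dumps({"rule": rule, "severity": sev, "src": f.src, "dst": f.dst,
                        "dport": f.dport, "proto": f.proto, "detail": detail,
                        "action": result["verdict"]}, sort_keys=True)
            for rule, sev, detail in result["findings"]]


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("192.168.101.10", "192.168.100.5", 502),   # HMI -> PLC (Modbus/TCP), allowed
    Flow("10.20.5.3", "192.168.101.10", 22),        # jump host -> HMI over SSH, allowed
    Flow("10.10.4.7", "192.168.101.10", 5938),      # corporate laptop -> HMI via TeamViewer
    Flow("192.168.100.5", "192.168.200.20", 554),   # PLC -> IP camera, no business reason
    Flow("10.10.4.7", "192.168.100.5", 502),        # corporate host straight to a PLC
]


def run(flows, state=None) -> list:
    state = state or EnforcementState()
    return [evaluate(f, state) for f in flows]


if __name__ == "__main__":
    normal = run(SAMPLE_FLOWS)
    incident = run(SAMPLE_FLOWS, EnforcementState(quarantined={"10.10.4.7"}, it_incident=True))
    for r in normal + incident:
        for line in to_siem_events(r):
            print(line)
```

The deny-by-default allowlist is the point: the PLC-to-camera flow is blocked not because a signature matched, but because nobody ever wrote a rule permitting it. Flipping `it_incident` on mirrors the decision Colonial Pipeline made by hand when it cut OT off from its compromised IT network.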