IT Network Attacks Can Impact Your OT Networks, Too

On May 8th, I was at a gas station filling up my car before a trip I was taking when the news about a cyberattack against a large pipeline company broke. The attack led them to halt all operations. Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made their demands including the threat to block and encrypt the company’s network. They even threatened to release the data to the internet. This was a moment of reckoning for the company and a scary place to be.

From IT to OT, a Possibility

This ransomware referenced above reportedly affected the pipeline company’s corporate IT network, not its OT network. Therefore, it did not affect fuel distribution operations directly. However, as a measure of precaution, the company halted operations. Taking certain systems offline is a good preventative measure, as it’s possible for threat actors to gain access to OT environments laterally from IT environments. This practice is becoming commonplace as a result of the IT-OT convergence. Regardless, this is another example of the fact that IT attacks can impact industrial operations. In a larger context of industrial operations and critical infrastructure, these cases can lead to all sorts of socio-economic problems that directly impact the lives of many people.

The ransomware event at this pipeline company underlines the urgency for critical infrastructure operators to safeguard their operations and OT. While attacks on critical infrastructure are rising, even in the case where operational disruption is not the attackers’ main goal, these cyber events are oftentimes having an impact on availability and safety. On the heels of the Biden administration’s 100-day plan to address U.S. energy infrastructure, this attack puts the need for industrial cybersecurity into focus yet again. Rightly so.

ICS a Growing Target

Cyberattacks against industrial networks are not new. There have been several examples of large-scale attacks in the past. Organizations are slowly preparing and implementing controls in order to detect, prevent and recover from such attacks. However, while digital transformation, industrial automation, Industrial Internet of Things (IIoT) and the IT-OT convergence are driving a more integrated approach to operations that offers many benefits, it’s expanded the possibilities of new vulnerabilities and attack vectors. The ability to move laterally from IT to OT or OT to IT is something organizations have to account for in their cybersecurity strategy. A separate IT and OT cybersecurity strategy will no longer suffice.

Reduce Threats and Recover

It’s widely accepted that it’s not whether you’ll be hit with a cyberattack but when. You can’t avoid all attacks, and you need to think about how quickly you can react and recover once you suffer an incident. Towards that end, here are some critical security controls that you can put in place to prevent attackers and malware from getting a foothold on your systems:

1. Harden your OT and IT assets with a collective hardening strategy that includes secure configurations and vulnerability management.
2. Employ continuous controls that detect change and anomalies and not just provide alerts.
3. Enforce policies not just for the sake of compliance but also for security using standards from NIST, NERC and ISA.
4. Ensure your interconnected devices and IIoT-type devices are also secure.
5. Make sure your systems are able to provide you with a unified view into both IT and OT.
6. Implement clear role-based access controls.
7. Secure your IT-OT convergence and network to cloud/internet access points.

It all starts with visibility. You cannot protect what you cannot see. The oil & gas industry should also consider following their utilities counterparts and implement NERC-CIP-like controls to safeguard their assets/networks.

If you do not have adequate/sufficient resources, consider using a managed services offering like Tripwire’s ExpertOps. Tripwire solutions are designed to provide both IT and OT controls to enhance, augment and improve your cybersecurity posture. With Tripwire’s suite of integrated solutions, you can easily extend your IT controls into your OT network and OT controls into your IT networks, thus providing you with a unified view and approach to cybersecurity that helps to avoid incidents that can cause you irreparable damage.

You can find out more about Tripwire’s solutions at www.tripwire.com.