industry unlocked
PROTECTING UTILITIES AND CRITICAL INFRASTRUCTURE FROM THE GROWING CYBERSECURITY THREAT
Cyberattacks against critical infrastructure and the utilities market are growing in sophistication and frequency . David Stroud , GM of Europe / APAC , NanoLock Security , discusses why decisionmakers in critical infrastructure need to invest in cybersecurity for the OT , now .
yberattacks against
C critical infrastructure and the utilities market are growing in sophistication and frequency . From Colonial Pipeline to water treatment and energy plants across the world , the reality is that there is no way to know where the next attack will come from , and often , critical infrastructure have outdated IT and OT management processes that leave open crippling vulnerabilities . Attractive targets like these require a last line of defence integrated directly into OT infrastructure to protect against persistent cyberattacks . Simply shutting down OT systems because the IT has been breached is not a viable option for entities responsible for providing basic needs like water and power to entire communities and regions .
Critical infrastructure attacks : From cautionary tales to imminent threats
The Colonial Pipeline breach was a wakeup call regarding the severity of impact that ransomware attacks can levy on the energy industry . The breach impacted not only the business operations of Colonial Pipeline , but had a trickle-down impact on regional economies , creating widespread shortages , price hikes and consumer panic . But not every breach is as highprofile as Colonial Pipeline . In fact , utilities , water treatment and power plants all over the world have faced increasing cybersecurity threats for years .
In May 2020 , UK-based Elexon , responsible for overseeing payments between UK power station operators and companies that provide electricity supply to consumers and businesses , was the victim of a ransomware attack that stole important internal data . The vulnerability resulted from the organisation running an unpatched version of a VPN from a supply chain software vendor who itself has recently been found to be the victim of a massive persistent ransomware attack .
It ’ s not just ransomware attacks for monetary gain that pose a threat to utilities . Bad actors , whether insiders or outsiders , looking to cause economic disruption or stir up societal panic are also a threat .
In 2014 , a phishing attack resulted in major damage to a German steel mill where credentials were stolen to gain access to the corporate IT network . After compromising the main network , the attack targeted the mill ’ s control systems . This resulted in failures that caused major damage to the mill ’ s blast furnaces . In 2018 , it was announced that the US electric grid , among other critical infrastructures , had been targeted by Russian state-backed hackers as far back as 2016 .
The rollout of more connected devices such as smart meters presents yet another attack opportunity for bad actors . Utilities and energy companies are now converging legacy OT devices onto IT networks , thereby opening them up as targets of the world ’ s most advanced and well-resourced hackers . In August 2020 , an Indian energy company which had just launched an
David Stroud , GM of Europe / APAC , NanoLock Security
44 www . intelligentciso . com