Anyone who has engaged with the world online knows that hackers and cybercriminals are out there, waiting to steal user credentials, drop malware onto your laptop, or see how much you will pay to get your private files back after a ransomware attack. What many do not see, however, are the even more dangerous cyberattacks that target operational technology (OT) environments such as energy infrastructure, food distribution, medical facilities, and other public-facing services.
Declaring Cyberwar on the Physical World
Cybercriminals are increasingly waging cyberwarfare on the physical world, and Gartner predicts that by 2025 they will have weaponized OT environments to harm or kill humans as their main objective. These attacks go far beyond stealing or corrupting data: they affect the hardware and software systems that control large equipment and deliver wide-ranging services to people. Gartner outlines three key objectives of these OT security attacks:
- Physical harm (to people and facilities)
- Commercial vandalism (to reduce productivity)
- Reputational vandalism (making a manufacturer unreliable in the public eye)
Gartner further predicts that the financial impact of casualties from these attacks could exceed $50 billion, with companies facing significant losses in insurance, litigation, compensation, regulatory fines, and reputation.
Cyberattacks on OT Environments Growing
OT attackers can penetrate security at critical facilities with phishing emails, for example, install malware, and then manipulate industrial control system (ICS) functions to alter pressure sensors, valves, motors, and other equipment. If a worker does notice the resulting damage, they may mistakenly assume it is an equipment failure or a maintenance issue. Some examples:
- An attack on the Colonial Pipeline, which supplies 45 percent of the fuel consumed on the US East Coast, disrupted gas supplies up and down the eastern seaboard for days. The damage could have been even worse had the attackers been able to reach the industrial systems and threaten physical safety; in this case the OT systems were shut down to prevent that access.
- In 2021, hackers remotely accessed a water treatment plant in Oldsmar, Florida, near Tampa. They were able to change the level of lye in the drinking water (fortunately only briefly), until an operator at the plant saw the chemical levels changing on his monitor as the hacker was altering them and shut down the access.
- A ransomware attack in 2020 on Universal Health Services, which operates 400 hospitals and behavioral health facilities in the US and the UK, wiped out its IT systems almost completely. The phone system went down, and without digital access to patient health records, staff were forced to record critical patient information with pen and paper. Ambulances had to be diverted, and some elective procedures were postponed or diverted to other health care providers. Recovery took three weeks and had a financial impact of over $67 million.
Improving Operational Technology Security Controls
In the face of this growing cyberwarfare on OT environments, Gartner recommends a series of security controls to improve a facility's security posture and keep digital attacks from reaching the physical world. Included in this framework:
- Properly Define Roles and Responsibilities: Each facility should have an OT security manager responsible for assigning and documenting security roles and full responsibilities for all workers and managers.
- Train and Build Awareness: Ensure that all OT staff have the required skillsets for their particular roles, and train them to recognize potential security risks, attack vectors, and how to respond to them.
- Build an Incident Response Plan: Make sure that each facility puts together and maintains an incident management process that spans preparation, detection, containment, eradication, recovery, and post-incident activity.
- Backup and DR: Ensure backup, restore and disaster recovery procedures are active. Be sure not to store backup media in the same location as the core system, and protect backups from unauthorized access and misuse.
- Manage Portable Media: Portable storage media such as USB drives and laptops should be scanned before use, regardless of whether they belong to an internal or a third-party worker.
- Perform Inventory of Assets: Keep a constantly updated inventory of all OT equipment and software.
- Segregate Networks: OT networks should be physically and logically separated from each other, both internally and externally, and network traffic should travel through a secure gateway.
- Automate Logging and Real-time Detection: Create an automated logging process, review potential security events as they occur, enforce log retention periods, and protect logs against tampering or editing.
- Develop Secure Configurations: Standardize and deploy secure configurations for endpoint devices, servers, networks, and field devices. Anti-malware programs should be installed and enabled on all OT components.
- Create a Formal Patching Process: Qualify patches by the equipment manufacturer before deploying to the facility, and only deploy to suitable systems and with the right frequency.
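The "Automate Logging and Real-time Detection" control above is the one that would have caught the Oldsmar setpoint change without relying on an operator happening to watch the screen. The following script is an added example, not code from the article or from Gartner: it reviews setpoint-change audit records against a per-tag safety policy and hash-chains the retained log so that later editing is detectable. The CSV layout, tag names, thresholds, and log lines are all constructed for illustration and are not tied to any real plant.

```python
"""Added example: rule-based review of OT setpoint-change audit records.

The log format, policy thresholds and sample lines are hypothetical and
constructed for illustration; they are not from the article or any real site.
"""
import csv
import hashlib
import io
from dataclasses import dataclass

# Constructed sample audit lines, in the shape an HMI or historian might export.
# Every value is invented; the device and tag names are placeholders.
SAMPLE_LOG = """\
timestamp,device,tag,old_value,new_value,user,source
2024-01-01T08:00:00Z,dosing_pump_1,chem_setpoint_ppm,100,105,operator_a,hmi_console
2024-01-01T08:03:00Z,dosing_pump_1,chem_setpoint_ppm,105,110,operator_a,hmi_console
2024-01-01T08:07:00Z,dosing_pump_1,chem_setpoint_ppm,110,9000,svc_account,remote_desktop
2024-01-01T08:08:00Z,valve_7,position_pct,40,45,operator_a,hmi_console
2024-01-01T08:09:00Z,valve_7,position_pct,45,100,operator_a,hmi_console
"""

# Hypothetical per-tag safety policy: the allowed band for the value, the largest
# acceptable single-step change, and the only sources permitted to write the tag.
POLICY = {
    "chem_setpoint_ppm": {"band": (50, 200), "max_step": 20, "sources": {"hmi_console"}},
    "position_pct": {"band": (0, 100), "max_step": 25, "sources": {"hmi_console"}},
}


@dataclass(frozen=True)
class Alert:
    timestamp: str
    device: str
    tag: str
    rule: str
    detail: str


def review_changes(log_text: str, policy: dict = POLICY) -> list[Alert]:
    """Apply the band, step-size and source rules to each record; return alerts in log order."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts, dev, tag = row["timestamp"], row["device"], row["tag"]
        rules = policy.get(tag)
        if rules is None:
            # A write to a tag nobody has defined a policy for is itself worth a look.
            alerts.append(Alert(ts, dev, tag, "unknown_tag", "no policy defined for tag"))
            continue
        old, new = float(row["old_value"]), float(row["new_value"])
        lo, hi = rules["band"]
        if not lo <= new <= hi:
            alerts.append(Alert(ts, dev, tag, "out_of_band", f"new value {new:g} outside [{lo}, {hi}]"))
        if abs(new - old) > rules["max_step"]:
            alerts.append(Alert(ts, dev, tag, "large_step", f"change of {abs(new - old):g} exceeds {rules['max_step']}"))
        if row["source"] not in rules["sources"]:
            alerts.append(Alert(ts, dev, tag, "unexpected_source", f"write from {row['source']} by {row['user']}"))
    return alerts


def chain_log(log_text: str) -> list[str]:
    """Hash-chain each line to its predecessor so that editing or deleting a line
    changes every digest that follows it (tamper evidence for retained logs)."""
    digests, prev = [], "0" * 64
    for line in log_text.splitlines():
        prev = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        digests.append(prev)
    return digests


def chain_intact(log_text: str, digests: list[str]) -> bool:
    """True only if the stored log still reproduces the digests recorded when it was written."""
    return chain_log(log_text) == digests


if __name__ == "__main__":
    for a in review_changes(SAMPLE_LOG):
        print(f"{a.timestamp} {a.device}/{a.tag} [{a.rule}] {a.detail}")
    recorded = chain_log(SAMPLE_LOG)
    print("chain intact:", chain_intact(SAMPLE_LOG, recorded))
    print("after edit:", chain_intact(SAMPLE_LOG.replace("9000", "115"), recorded))
```

The three rules are deliberately independent: the 9000 ppm write trips all of them (out of band, far too large a step, and issued from a remote-desktop session rather than the console), while the 45 to 100 valve move stays in band and comes from the console but still raises a large-step alert. In practice the digests from `chain_log` would be shipped to a separate write-protected store, since a hash chain kept beside the log it protects can be regenerated by whoever edits the log.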
Conclusion: Fight Back With Certified Ethical Hackers
When OT environments are attacked, the danger can extend all the way to human safety. One of the best ways to protect against such weaponized attacks and cyberwarfare is to employ and upskill cyber security personnel. A Certified Ethical Hacker (CEH) is trained to investigate vulnerabilities in target systems using the same techniques as malicious hackers, but in a legitimate and legal manner. They could be your first and last line of defense in these increasingly dangerous times of cyberwarfare.