Protecting your operations technology and industrial control systems
Safety is a top priority for companies in the industrial and manufacturing sector, and plant managers often serve as the first line of defense. But while the longstanding risks associated with plant operations remain – typically personal safety and process safety issues, such as worker accidents or equipment malfunctions – a new, alarming threat is becoming more prevalent: Ransomware attacks.
Businesses, organizations and individuals in the U.S. fell victim to 65,000 ransomware attacks last year, which translates to more than seven an hour, as reported by National Public Radio. The frequency and danger of these attacks are only expected to grow. In fact, according to NBC, the White House is moving to treat ransomware attacks as a national security threat due to the risks they impose on critical infrastructure. This new approach includes the Department of Justice coordinating its ransomware attack investigations with similar protocols it currently uses for terrorism cases, as reported by Axios.
Scan recent headlines for examples of how ransomware attacks can wreak havoc: Colonial Pipeline was hit with a near $5 million ransomware attack on May 7, shutting down the country’s largest pipeline and causing gasoline shortages in southeastern states; the Washington Metropolitan Police Department fell victim to the worst known ransomware attack on a U.S. police department on May 13, resulting in the release of thousands of sensitive documents; JBS experienced an $11 million ransomware attack on May 30, shutting down nine beef plants for the world’s largest meat processor and creating supply disruptions across the nation. These are simply to name a few.
Our vulnerability to ransomware attacks has not recently changed. Rather, it’s been years in the making. Over the years, companies and institutions have steadily integrated their information technology (IT) and operational technology (OT) to correspond with improvements in computer networking technology. This shift has streamlined processes for organizations, but at a cost.
Previously, IT and OT networks were commonly air-gapped – a measure that physically isolates networks from one another. This separated the infrastructure of business IT and plant assets, eliminating the chance for one compromised network to impact the other. Since the turn of the century, a steadfast push to use modern computer networking technology to its fullest capacity — specifically, Ethernet—has seen businesses transition away from air-gapping networks and instead turn to connecting every facet of their operation, spanning from enterprise resource planning systems (ERP) to sensors on the plant floor.
This new approach has connected all islands of plant automation via Ethernet, which, in turn, makes networks more susceptible to ransomware attacks. Increasing network interconnectivity heightens the vulnerability to and severity of exploits because there are more opportunities for bad actors to gain access to your network. Today, a single exploit can compromise your entire network. The problem is further compounded by greater use of industrial internet of things (IIoT) devices, which is driving Ethernet (i.e., interconnectivity) to all corners of the manufacturing space.
This is the new nightmare for today’s plant managers as well as a critical problem facing our country at-large. In the pursuit of streamlining operations, companies are simultaneously becoming more interconnective and more at-risk – ransomware attacks do not only impact your company’s bottom line, but also threaten the health and safety of employees and the public, as loss of control over any industrial operation would. While the risks of worker accidents or equipment malfunctions are more easily imagined, ransomware attacks are equally perilous and require adequate precautions.
Don’t leave your operation vulnerable. This new type of threat is just as critical to the safety of your operation as personal and process safety. Contact SSI’s cybersecurity program for ISC/OT to ensure you are prepared to defend against ransomware attacks.