The term critical infrastructure means exactly what it sounds like: Electricity. Water. Hospitals. Transportation. You name it—critical infrastructure encompasses all the systems, assets, networks, and services that our society needs to function.
Cybercriminals are increasingly finding critical infrastructure an easy target for ransomware. This is scary stuff. Imagine losing access to power. Drinkable water. Telephone service. The list goes on.
October is National Cybersecurity Awareness Month, and this week’s theme is “Securing Our Nation’s Critical Infrastructure”, a topic I spend a lot of time talking to customers about. We hear a lot about the dangers of unsecured Internet of Things (IoT) devices, but, in my perspective, the risk of unsecured critical infrastructure and operational technology (OT), like power grids and utilities, is much scarier.
While both IoT and OT threats can cause major damage to an organization, risky OT operations can lead to severe, catastrophic damage—financially of course, but in some cases physically. I can think of three recent incidents that blew my mind, and surprisingly they each involved recipes. Don’t think recipes can be scary? Read on.
Recently, I was working with security leads at one of the world leaders in the automotive industry. They had an attacker try and hold one of their most popular paint recipes for ransom. The hackers threatened they had access to shop floor with the ability to remove the anti-rust component—a critical ingredient—from the paint make up, which would have caused billions of dollars of damage due to the rust recalls that would have been required. If that threat had been successfully executed, it could have caused significant credibility and brand integrity issues with this leading automotive company.
During another discussion with a colleague, I heard about another crazy OT hack involved a chemical recipe. These cybercriminals were able to steal this proprietary recipe information and try and sell it on the dark web which sadly happens quite frequently. Can you imagine if this data went out to the highest bidder and was in turn then able to create a fake, less superior duplicate for resell?
The third incident that comes to mind was a conversation with a major food and beverage manufacturer. This is another multi-billion-dollar business and this company had cybercriminals try and steal this highly sensitive, highly proprietary recipe data and hold it for ransom. This company, just like many, many others, would have easily paid the ransom to the cybercriminals versus suffering the consequences of losing its decade long secret recipes. The cost to the business if that recipe had gotten out would have crushed the manufacturer’s bottom line.
A common way that these hackers often times are getting in is through contractors and third-party vendors. Such companies typically install devices onto the network to make their jobs more efficient as they were hired to do, but IT often isn’t alerted that they are on the network or installing these network devices that allow communication from shop floor out to the web. The outside vendors come in, do their jobs and leave, but the devices remain, creating what we refer to as rogue devices. These unsecured rogue devices open windows for hackers to access the network and wreak havoc. They also allow the transference of data via open communication lines between the corporate IT and OT/ICS networks.
With vulnerabilities created by IoT, businesses fear that their data will be stolen or held for ransom, that privacy will be violated, or that their organizations will be inconvenienced by outages. But, with OT, businesses can literally be taken down at the knees, and people can be physically harmed.
Enough with the fear mongering – what can organizations do to keep themselves safe? It starts with visibility. You need to know what’s connected to your network at all times. Once you have that foundation in place, you need to be able to automatically manage those connected devices and ensure they aren’t providing open doors to your network for cybercriminals and this needs to be done 24/7.
For more information on how to keep safe, visit www.forescout.com/critical-infrastructure