Natural Gas Facilities Disrupted by Ransomware Attack

Cyber ResilienceThis week it became public that multiple industrial facilities had interrupted operations due to ransomware attacks.

This led to a disruption of human-machine interfaces (HMIs), data historians, and polling servers, which were no longer able to process data from low-level industrial control systems (ICS). Human operators could no longer monitor processes, but the attack did not affect programmable logic controllers (PLCs) and the targeted organization never lost control of operations.

These were incidents that could have been prevented.

Segregation of IT and OT networks is a crucial security measure. But that is easier said than done…

Sure you can propagate a complete air gap but in reality that proves not to be practical strategy for the majority of companies. Firewalls are the right mitigation against cross-networks connectivity. Sounds like a straight forward solution: buy the hardware and licenses, install and done. Protection is in place! In practice however there is much more to managing this critical piece of infrastructure; the firewalls must be industry grade, configure following the default-deny principle and, very important, maintain them with patching and health assessments.

Make it periodic activity to review the configuration, policies and rules to ensure that your OT network is still properly separated. CR-Team can assist you with the review, assess your OT network for rogue access points, unauthorized remote access, unmanaged assets, active malware and other flaws in your protection.

Please reach out to us, we secure OT.

 

 

/door

Securing OT to enable operational continuity is important. Protecting safety is essential!

CR-Team has presented at the latest edition of the FERM-Rotterdam Port Cyber Café about the “impact of cyber on the OT domain”. After the difference between IT and OT security was explained using the CIA triad the focus shifted to the challenges of securing OT. The well known Triton attack was used to demonstrate and explain the methods and techniques of the  incident. A cyber incident in OT will likely have physical impact like for example the shutdown of machinery operations. But as the Triton example shows, it is very realistic that an incident can have impact on safety too. We must protect the health of our colleagues, neighbors and the environment. Let’s secure OT!

Please contact us if you would like to learn what we can do to enhance your resilience.

/door

Detect and remediate ICS vulnerabilities before they are exploited

Every year the number of reported ICS vulnerabilities increases with about a third. In an IT world that is cumbersome but can be solved with an -automatic- patch round or scheduled update. In OT however we are not this flexible and need to work with our vulnerable systems for a longer period, until the impact of the update is extensively tested. Even that does not have to be a problem either because we take additional security measures and protect the OT from threats from IT and internet.

But what if our additional security measures are not effective? Or if we have more vulnerabilities than for which we have designed mitigating controls? That is the real problem. The OT environment is left under-protected which causes business continuity and product quality to be at risk.

 

 

Statistics of we issues we find in an average OT environment show that no less than a third of the issues can be classified as high/critical risk. These are issues that need immediate attention.

If we breakdown these issues to their cause we get the following chart.

 

 

 

These ‘usual suspects’ are causing serious threat to your OT environment:

  • systems and packages are missing security updates (33%)
  • access control is failing. For example because of default passwords (admin:admin), hard-coded credentials and insecure remote access. (25%)
  • misconfigurations and insecure services are present (10%)
  • the network is not segmented properly and allowing unrestricted traffic (11%)

It is a huge task not only to know your vulnerabilities but also to understand the best way to solve them. This is the expertise of CR-Team and we can support you.

We will start with performing a full inventory of your OT environment, because: “We can not protect what we do not know”. After adding context and discussing what we found we will propose a security remediation plan. Through our structured project approach it will be clear who is responsible for the actions and when the end state is delivered.

Reach out to us if you want to know how we can help you.

/door