Exploring the cyber attack weaknesses of industrial and infrastructure OT networks: identifying the points of cyber attack

The Operational Technology (OT) network components of infrastructure businesses are under attack, but these attacks do not receive the publicity that business data theft and ransomware attacks receive. Operational Technology includes industrial control systems (ICS, the computers that control the industrial and infrastructure processes) and programmable logic controllers (PLC, the embedded computers that operate the valves and switches in the industrial and infrastructure processes).

OT systems are seeing an increasing number of IoT devices installed for autonomous control of a specific element of the process. Often IoT devices are Internet connected to provide data for a supervisor. IoT devices generally have weak security. ICS computers receive commands and provide reports to IT information systems that are responsible for managing the business. Often the interface between IT and OT is via the Internet.

Two groups are attacking infrastructure business operational technology (OT) networks for different purposes

Cyber criminal groups disrupt OT networks with the objective of using ransomware plus other methods for blackmail and extortion. A reported attack such as an oil pipeline closure is an example of an OT network cyber attack.

State-sponsored hackers of unfriendly governments have infiltrated OT networks and planted software for external control (remote access Trojans, RATs) with the objective of applying political pressure by disrupting infrastructure service to prevent retaliation after the unfriendly government initiates a military attack.

Of the two groups, the more serious threat is the state-sponsored hackers, who have already infiltrated infrastructure business OT networks and installed remote access Trojans. At the command of a dictator, the power grid, water and sanitation, and food logistics networks in the USA and the EU can be disrupted as a method of attack.

The US government is already well aware of the state sponsored hacker infiltration into OT networks

Government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), have been advising infrastructure businesses for some time to improve their cybersecurity protection. The concern of CISA and other government entities is that many OT systems have only basic security that hackers can easily bypass. Weak or default passwords are used for ICS and PLC remote access, and interfaces between IT and OT systems lack strong cybersecurity protection. The managers of OT systems have many concerns in addition to cybersecurity, including plant safety and assuring service availability.

There are several points of attack into the OT network

An attack through the Internet-facing network can reach ICS, PLC and IoT devices. An attack through the business IT infrastructure can reach the OT systems interface. Third-party suppliers interface with both the OT and IT networks, and an attack can enter through their network systems. Some of the points of cyber attack entry are illustrated in the diagram.
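The entry points described above can be checked against a site's own topology by searching for unguarded paths from the Internet to OT assets. This is an added example, not code from the original article or from Authonet; the node names, the links between them and the idea of a "guarded" link are constructed assumptions.

```python
from collections import deque

# Constructed topology (assumption, not from the article): each key can
# open a connection to the nodes listed for it.
LINKS = {
    "internet": ["iot-sensor", "it-network", "vendor-network"],
    "it-network": ["it-ot-interface"],
    "it-ot-interface": ["ics-server"],
    "vendor-network": ["it-network", "ics-server"],
    "iot-sensor": ["ics-server"],
    "ics-server": ["plc-1"],
    "plc-1": [],
}
OT_ASSETS = {"ics-server", "plc-1", "iot-sensor"}


def entry_paths(links, source, targets, guarded=frozenset()):
    """Shortest unguarded path from source to each reachable target.

    guarded holds (src, dst) links that pass through an enforcement point
    (strong authentication plus filtering); the model treats those links
    as closed to an unauthenticated party, which is a simplification.
    """
    paths, seen, queue = {}, {source}, deque([[source]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in targets:
            paths[node] = path
        for nxt in links.get(node, []):
            if nxt not in seen and (node, nxt) not in guarded:
                seen.add(nxt)
                queue.append(path + [nxt])
    return paths


if __name__ == "__main__":
    # No links guarded: every OT asset is reachable from the Internet.
    for asset, path in sorted(entry_paths(LINKS, "internet", OT_ASSETS).items()):
        print(f"{asset}: {' -> '.join(path)}")
    # Guard the IoT uplink, the IT/OT interface and the vendor link.
    guarded = {("internet", "iot-sensor"), ("it-network", "it-ot-interface"),
               ("vendor-network", "ics-server")}
    print("after guarding:", entry_paths(LINKS, "internet", OT_ASSETS, guarded))
```

Guarding only one of the three links leaves the OT assets reachable through another, which is why each entry point has to be covered.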

Upgrading OT systems cyber security should be the priority of all infrastructure businesses. All infrastructure businesses are at risk of an attack that will disrupt services. The attack may be from a criminal gang demanding a ransom, or from a politically motivated dictator who wishes to attack the USA or EU. Authonet Zero Trust technology is designed to protect IT and OT networks from the type of cyber attack described here.
