Steps to protect OT networks that have been infiltrated by remote access Trojans

Industrial and infrastructure operational technology (OT) networks are under attack. Infrastructure businesses include electrical power grids, gas supplies, water and sanitation, and food delivery logistics.

Attacks on infrastructure come from two different groups.

  • Cyber criminals seek to disrupt manufacturing or infrastructure processes for financial gain through blackmail and extortion. The business becomes aware of the attack as soon as the disruption occurs.
  • State-sponsored hackers target infrastructure businesses by installing malware known as remote access Trojans, with the objective of disrupting the operation of the business, or sabotaging it, at some time in the future. The attack might be ordered by a dictator seeking a military advantage. Infrastructure in the USA and EU has already been infiltrated with this type of attack; many infrastructure OT networks already have remote access Trojans installed.

Manufacturing and infrastructure OT systems have, in most cases, weak cybersecurity protection. The Cybersecurity and Infrastructure Security Agency (CISA) and other US and EU government agencies have been warning infrastructure businesses about potential attacks and advising them to improve cybersecurity by requiring stronger access authentication processes.

Unfortunately, OT networks have already been infiltrated with remote access Trojans that bypass inbound authentication entirely: the communication is outbound, from the Trojan to the cyber criminal group. In many cases it is therefore too late to block an attack with improved authentication processes.

Infrastructure industry OT networks need to be upgraded with a firewall that allows only explicitly specified inbound and outbound IP addresses (an allow-list) and blocks all other traffic in both directions.

When the remote access Trojan attempts to communicate with the cyber criminal group, the outbound message is blocked. Any attempt by the cyber criminal group to re-access the OT network is likewise blocked. An alert should be issued to the OT supervisor whenever any attempt is made to communicate with an unauthorized IP address, and that address should be logged for investigation.
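As an added illustration of the allow-list policy described above (not code from the original post or from any vendor product), the following Python script applies constructed inbound and outbound allow-lists to constructed connection attempts, blocks anything not listed, and produces an alert record for each blocked address; the policy, host names and addresses are all assumptions.

```python
import ipaddress

# Constructed policy for a hypothetical OT boundary firewall (not from the post):
# only these peers may initiate connections INTO the OT network, and the OT
# network may only connect OUT to these destinations. Everything else is denied.
POLICY = {
    "in": ["192.0.2.10/32"],   # assumed vendor maintenance jump host
    "out": ["10.20.0.0/24"],   # assumed corporate historian subnet
}

def peer_allowed(peer, allowed):
    """True only if peer parses as an IP address and lies in an allow-listed
    network. Unparseable addresses fail closed (default deny)."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(n, strict=False) for n in allowed)

def decide(event, policy=POLICY):
    """Return 'ALLOW' or 'BLOCK' for one connection attempt."""
    return "ALLOW" if peer_allowed(event["peer"], policy[event["direction"]]) else "BLOCK"

def evaluate(events, policy=POLICY):
    """Apply the policy to a batch of attempts and return (verdicts, alerts).
    Each alert records the unauthorized address and the local asset involved,
    so the OT supervisor can investigate it, as the post recommends."""
    verdicts, alerts = [], []
    for ev in events:
        verdict = decide(ev, policy)
        verdicts.append(verdict)
        if verdict == "BLOCK":
            alerts.append({"local": ev["local"], "direction": ev["direction"],
                           "peer": ev["peer"], "note": "unauthorized address, logged for investigation"})
    return verdicts, alerts

# Constructed connection attempts, as a boundary firewall or log collector might report them.
EVENTS = [
    {"direction": "out", "local": "historian-01", "peer": "10.20.0.15"},    # legitimate export
    {"direction": "out", "local": "hmi-03",       "peer": "203.0.113.7"},   # Trojan calling out
    {"direction": "in",  "local": "plc-gw",       "peer": "192.0.2.10"},    # authorized vendor
    {"direction": "in",  "local": "plc-gw",       "peer": "198.51.100.5"},  # re-access attempt
]

def run_example():
    return evaluate(EVENTS)

if __name__ == "__main__":
    verdicts, alerts = run_example()
    for ev, v in zip(EVENTS, verdicts):
        print(f"{v:5} {ev['direction']:3} {ev['local']:12} {ev['peer']}")
    for a in alerts:
        print("ALERT to OT supervisor:", a)
```

The same decision logic can be fed from real firewall deny logs to confirm that the deployed rule set actually blocks and records every unlisted address.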

The cybersecurity upgrade for infrastructure OT networks is urgent, to prevent a foreign government from disrupting or sabotaging US and EU infrastructure services.

Adding cybersecurity protection to OT networks
For more information about how to protect OT networks, please contact us.
