Operational Technology Security: Weekly Update

17th November 2023

Steven Lane, OT Security Consultant

Overview

The Operational Technology (OT) security landscape is undergoing a significant transformation. Organisations are recognising that OT poses unique challenges, distinct from those of traditional IT environments. This has led to a surge in targeted attacks, necessitating a strategic approach to OT cybersecurity. This weekly update highlights critical cyber incidents, underscoring the evolving threat landscape in OT.

1. Trends in OT Cybersecurity

An article published this week discusses these key trends:

  • OT/IT Convergence: OT-specific attacks, using OT protocols, are on the rise. The correlation between IT and OT attacker footprints is increasingly crucial for security solutions.
  • Geopolitical Factors: State-sponsored activities are increasingly targeting critical infrastructure, with nearly half of the observed traffic probing governmental bodies.
  • Organizational Changes: Companies are creating new roles and departments to manage OT security, recognizing the need for specialized attention.
  • Active Protection Measures: OT environments are shifting towards active protection strategies, moving away from traditional detect-and-respond approaches.
  • Regulatory Impact: Increasing regulations are driving adoption and awareness in OT security, pushing organizations to adopt a multi-layered security approach. [Read more]

2. Major Cyber Incidents

  • Denmark's CNI Attack: Denmark experienced its largest online attack against critical infrastructure in May. Unpatched vulnerabilities in Zyxel firewalls were exploited, affecting 22 companies. The incidents involved sophisticated coordination and possibly state-sponsored actors, including the Russian GRU's Sandworm operation. [Read more]
  • Australia's Port Disruption: DP World Australia, a major ports operator, faced a serious cybersecurity incident, disrupting operations across several states. This incident highlighted the vulnerability of critical logistics infrastructure. [Read more]
  • Boeing's Data Breach: Boeing, a leading aerospace and defense contractor, suffered a data breach at the hands of the Lockbit ransomware group. Sensitive data was published online, demonstrating the threat ransomware poses to major industrial players. [Read more]

3. Other Notable Developments

Johnson Controls Cyberattack Delaying Earnings Report (November 13, 2023): Johnson Controls, a prominent player in the market, has reported a significant delay in its earnings report due to a cyberattack. This event highlights the direct impact of cybersecurity breaches on financial reporting and market dynamics.

ICBC Hack and the Barclays Warning (November 15, 2023): Barclays has raised concerns over the cybersecurity risks associated with a proposed reform by the U.S. Securities and Exchange Commission. This follows the cyberattack on the Industrial and Commercial Bank of China's U.S. broker-dealer, showcasing the vulnerability of financial institutions to cyber threats.

Lockbit Ransomware Spree: Henry Schein and Boeing Data Breach (November 10, 2023): The BlackCat/ALPHV cybergang, known for its ransomware attacks, disrupted operations at healthcare giant Henry Schein, with a considerable amount of data compromised. Furthermore, Boeing also fell victim to this group, with significant data exposure.

China's Proposal for Cybersecurity Checks (November 13, 2023): In response to the growing cyber threats, China has proposed cybersecurity checks for auditors if national security is involved. This move indicates a more proactive approach by governments to incorporate cybersecurity into national security frameworks.

Russian Cyber Attack on Ukraine Power Grid (November 9, 2023): Researchers have identified Russian spies as the perpetrators behind a 2022 cyberattack on Ukraine's power grid. This incident underscores the escalating cyber warfare tactics being employed in geopolitical conflicts. [Read more]

Australia's Warning: Rising Cyberattacks on Critical Infrastructure (November 15, 2023): The Australian government has issued warnings regarding a surge in cyberattacks, particularly by state-sponsored groups targeting critical infrastructure. This serves as a reminder of the increasing geopolitical dimensions of cyber threats. [Read more]

4. Strategic Implications and Recommendations

  • Holistic Security Approach: Organisations should integrate IT and OT security strategies, considering their convergence and interdependencies.
  • Active Defense Mechanisms: Adopting active protection tools and strategies is critical for mitigating traditional viruses and modern cyber threats.
  • Regular Updates and Patch Management: Regularly updating systems and patching known vulnerabilities can significantly reduce the risk of cyber attacks.
  • Cross-Sector Collaboration: Sharing threat intelligence and best practices across sectors can enhance collective defence against sophisticated cyber attacks.
  • Regulatory Compliance: Adherence to regulations and standards is vital for ensuring consistent and high-quality security measures across the globe.

Conclusion

This week's incidents and news underscore the growing sophistication and diversity of threats in the OT space. Organisations must stay vigilant and adapt their cybersecurity strategies to these evolving challenges. Staying informed and proactive is vital to safeguarding critical infrastructure and maintaining operational resilience.




Abbas Stevo

Operation linguist at Sallyport Global

1y

Interesting

Ben Dunlop

We protect OT networks & critical assets

1y

Excellent work Steve 👏👏. Subscribing 👍

James Morris

Director, Talent Solutions at NDK Cyber – providing elite cybersecurity talent across the US and Europe

1y

Subscribed!
