Urgent Case for Cyber-Attack Prevention (v. Detect) in OT/ICS Networks

The recent FireEye and SolarWinds hacks are in all the headlines, changing the narrative for operational technology (OT) and industrial control system (ICS), IT, and cybersecurity teams. The COVID-19 pandemic and the recent oil and gas market crash caused considerable distraction and changed short-term priorities for these IT and cybersecurity teams throughout 2020. But as we head into a new year, one can make the case that these teams’ attention will return to the cybersecurity issue at hand, and that 2021 and beyond will be the year(s) to focus on OT/ICS cyberattack prevention.

Looking at the FireEye and SolarWinds Hacks

FireEye publicly disclosed early this month a sophisticated cyberattack on its own systems by what it called “a nation with top-tier offensive capabilities.”

In a recent New York Times article: “The company said hackers used ‘novel techniques’ to make off with its own [offensive hacking] tool kit, which could be useful in mounting new attacks around the world.”

“The hackers went to extraordinary lengths to avoid being seen and created several thousand internet protocol addresses — many inside the United States — that had never before been used in attacks.”

Investigators have called out units of Russian military intelligence that have also perpetrated high-profile OT/ICS hacks: on the power grid in Ukraine, on American municipalities, and in disabling the industrial safety systems at a Saudi petrochemical plant, the very last step before triggering an explosion.

OT cybersecurity teams must expect that such sophisticated attacks on industrial control systems will be the new norm, rather than the exception.

A week later, FireEye discovered and exposed a supply-chain cyberattack on SolarWinds’ Orion software, which was used to deploy the Sunburst malware (called Solorigate by Microsoft). You can read more about this (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Roark Pollock. Read the original post at: