January 24, 2023
Among their latest tactics, cyber threat actors are increasingly exploiting the security gaps created by the convergence of IT and OT networks. Growing numbers are successfully penetrating Supervisory Control and Data Acquisition (SCADA) and other industrial control systems (ICS), shutting them down, and holding operations hostage until victims make hefty ransom payments. The reason for their success is straightforward. While IT and OT convergence delivers tremendous gains in efficiency and productivity, it also leaves critical infrastructure owners far more exposed unless the newly connected systems are assessed and remediated. Most of the decades-old SCADA and other ICS that make up OT networks, many of them now reachable from the Internet for the first time, were not built with cybersecurity in mind.
Enterprising threat actors know this and see the infiltration of converged IT and OT networks as an easy path to cause all manner of mayhem. That mayhem may include Distributed Denial of Service (DDoS) attacks and outright takeovers of unprotected systems that bring operations to a standstill. Threat actors likewise can remotely manipulate Industrial Internet of Things (IIoT) technologies to cause equipment malfunctions that result in serious property damage, bodily harm, and even environmental pollution. What makes each of these scenarios so pernicious is that threat actors often need only threaten such harm to successfully extort money from target companies.
Given the incentives at play, critical infrastructure companies today are at significant risk of loss: one recent survey found that 80% of organizations across multiple industry sectors had experienced an IT or OT network breach over a two-year period. Industry experts have observed that the highly digitized and connected nature of these companies makes them “arguably now more at risk than at any point in living memory.”
Risks to OT systems vary because cyber threat actors themselves vary. They come with different levels of sophistication, motivations, and resources. Every few years, however, the critical infrastructure community encounters a significant new event that underscores the vulnerability of the IT and OT digital assets its members share in common. The recent SolarWinds Orion event, in which threat actors inserted malicious code into legitimate Orion software updates that customers then installed, is a powerful case in point. While it did not involve OT systems, the SolarWinds event nevertheless illustrates that a cyber incident need not be a “smash and grab” affair.
On the contrary, a determined adversary can expend significant time and resources to plan and execute a systemic attack. In fact, well-organized threat actors often exploit weaknesses with the goal of quietly gathering information about a company’s operations that can be leveraged later. In addition, the SolarWinds event targeted widely deployed technology used across many sectors, a deliberate choice that maximizes the number of victims reachable through a single compromise. Going forward, all infrastructure sectors should recognize the potential impact of motivated threat actors targeting OT environments and should evaluate and bolster their preparedness postures accordingly.
Kevin Edwards, 703-653-0596