The current threat situation for critical infrastructures and OT environments

Otorio criticizes insufficient clarity on the difference between IT and OT security

In the past two weeks, no fewer than three significant OT security incidents affecting critical infrastructures have been reported. Taken together, these incidents represent a “perfect cyberstorm” that encompasses the real legal, political, production and business risks to which OT networks are exposed. This concerns companies operating critical infrastructure in general and energy companies in particular. These companies are repeatedly the target of attacks and therefore require continuous assessment, monitoring, mitigation and management of risks. Today more than ever, fuel, oil and energy prices are in flux against the backdrop of the Russia-Ukraine war, and the supply chain is exposed to known and as yet unknown vulnerabilities.

Daniel Bren, CEO and Co-Founder of Otorio, explains the current threat situation for critical infrastructures and OT environments – and identifies fundamental deficits in their prevention and detection:

On March 24, the US Department of Justice published two indictments filed last year against alleged nation-state actors, namely three Russian military officers and an employee of the leading research organization of the Russian Ministry of Defense. The defendants are accused of hacking hundreds of companies and organizations with critical infrastructure on behalf of the Russian government. These widespread attacks allegedly took place between 2012 and 2018 and affected thousands of computers in 135 countries.

In some cases, the state-backed defendants are alleged to have carried out malicious activities that pose a serious risk to the supply chain, through the alleged hacking of equipment and networks at critical infrastructure and energy companies. By using Havex malware packages, according to one indictment, they were able to “install backdoor access to compromised devices and networks”. The defendants are also accused of exploiting vulnerabilities in security software that allowed them to remotely run unauthorized programs on victims’ devices and networks.

In theory, the defendants could use this access to control production and/or shut down business operations. The potential threat to supply chains, and the impact on the public and on businesses that rely on energy and critical infrastructure, is enormous. According to the indictment, among other things, a nuclear power plant in Kansas was successfully attacked by three defendants, who compromised the software and hardware of its ICS and SCADA systems. The indictment claims that the attackers’ targets also included numerous oil and gas companies, utilities and power transmission companies.

The indictments thus describe seven years of alleged global cyber attacks on critical infrastructures by nation-state actors, a considerable number of which were successful. They are a warning to the energy and utilities industry to proactively protect its operational technology.

Politics increases the risk

President Biden’s promise last week that the US will increase the supply of liquefied natural gas (LNG) to reduce Europe’s dependence on Russian energy will certainly increase the threat situation for US energy companies. In North America and abroad, these companies could face an increased risk of cyberattacks on their converged OT/IT/IIoT systems and networks.

Such risks, emanating from state or private actors, can adversely affect production operations and business continuity. Oil and gas companies need to be vigilant to protect their production operations and business operations.

Stricter compliance reporting

Finally, on March 15, 2022, US President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act of 2022”. The new law requires critical infrastructure operators to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security (DHS) within 72 hours. Ransomware payments must be reported within 24 hours.

This means that companies with critical infrastructures must adapt their security measures to their risk of cyber attacks and the associated ransomware demands. The best option is to move from a threat detection and elimination strategy to a risk management approach that proactively reduces the risk of production downtime and supports business continuity.

What it all means

Nation states and private hacker organizations are currently targeting critical infrastructures and energy companies. In view of the ever-increasing threats, it is therefore crucial to mitigate the risks for digital security and cybersecurity in industry.

One of the best ways for critical infrastructures to deal with emerging threats from cyberwar outbreaks and direct cyberattacks by nation states or malicious actors is basic cyber hygiene. This means taking a proactive approach to OT security risk: gaining visibility into OT networks, analyzing threats and mitigating the resulting risks.

Securing energy and critical infrastructure networks requires a different kind of approach to digital security and cyber security. Critical infrastructure operators and government agencies are becoming increasingly aware of the need for attack prevention tools designed from the ground up for OT ecosystems, with operational processes and business continuity as the top priority.
