Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks, comments on cyber security, a year after the Colonial pipeline attack:
- There has been a full realisation that operations that tolerate little to no physical downtime are lucrative targets, and it seems as if nothing is off limits – food, hospitals, transportation – for threat actors and criminal groups.
- An IT outage can cripple operations without directly impacting any operational technology.
- Risk mitigation requires a whole-of-business approach – exercises reveal all of the who, what, where, when, why of crisis control – often including non-technical stakeholders to determine the critical functions for business continuity.
- Threat actors are doing their homework and have surpassed the limitations of ‘security by obscurity’ – they are looking for single points of failure (might be a business or revenue component or a supply chain component or a trusted component in the architecture), extending dwell times, and maximising the potential to dupe operators into believing their activities are legitimate and authorised.
- Moving faster to use CVEs once revealed before end users can patch or mitigate.
- Ransomware gangs quickly designed repeatable attacks with a complete process for exploiting the vulnerability to encrypt files and extort payment. Organisations now realise the importance of maintaining a software bill of materials for their software applications so they can more quickly identify and remediate vulnerable systems.
- Populations served matter as much as, if not more than, supply chain dependence and sector-specific interdependencies.
- Going forward, our industry and global governance of cyber incidents requires better baselines – whether for systems’ behaviour learning, plausibility checks, security policies, supply chain understanding, and end users’ activities.
Vivek Ponnada, Regional Sales Director at Nozomi Networks, adds:
“Some were arguing why this shouldn’t be classified as an OT attack but the world moved on. TSA regulations and directives ensured, more executives saw the story and asked if they are at risk and practitioners got more funding they’ve been waiting for. All in all, progress! I often wondered what made Colonial and Oldsmar stick but not many others. My conclusion is something you know well – vivid stories and shocking images. Photos of people bagging gasoline and long lines to fill up etc., all make a difference.”
Read the article online at: https://www.worldpipelines.com/business-news/11052022/nozomi-networks-comments-on-the-anniversary-of-the-colonial-pipeline-hack/