Good and Bad Connections
Once upon a time, OT networks were segregated from all other networks, such as IT — specifically to increase reliability. This made sense, given that networks weren’t as reliable as they are today, and like Christmas lights, companies didn’t want — or couldn’t afford — one blown fuse taking out the whole strand.
Fast forward to the present day and much has changed. Enterprise resource planning (ERP), digital transformation (DX), the cloud, and most recently, the need to work remotely have combined to drive companies further along the path of connecting their OT networks with the goal of eliminating operational silos, increasing visibility, and making their employees’ lives easier. In this sense, connections are good.
OT networks control critical operations and infrastructure like manufacturing plants, transportation networks such as trains and planes, nuclear power plants, and so on. IT networks are used for email, cloud apps, legitimate web browsing and, as a result, are susceptible to countless known and unknown attack vectors from any place in the world. When we connect OT to IT, we make them equally vulnerable. So, connections also are bad.
Here are just three examples out of thousands where adversaries compromised credentials on IT networks, and then pivoted to OT through such a connection, resulting in catastrophic business and societal consequences:
- June 2017: An attack using Petya malware was directed at the Ukrainian government and spread into the IT networks of many global companies. In the case of pharmaceutical giant Merck, it quickly spread to the manufacturing lines (OT), taking them offline for weeks. The company reported $1.3 billion in losses.
- February 2021: Cyberattackers breached a U.S. city water department and increased the amount of sodium hydroxide (NaOH) in the system by 11,100%. NaOH is used in very small quantities to control acidity, but at these massive levels, it becomes a highly caustic drain cleaner (check the Drano under your sink). Fortunately, the change was noticed and corrected immediately.
- May 2021: Colonial Pipeline suffered a ransomware cyberattack that shut down 45% of the fuel supply for the Eastern United States for a week and caused extensive ripple effects, including the public’s panic buying of gasoline.