The recent series of attacks on critical infrastructure in the U.S. and worldwide demonstrates how vulnerable our economy is. The world’s biggest meat producer, JBS, was hit by ransomware last weekend and was forced to shut down plants in the U.S. and in Australia for a couple of days. The impact can certainly be compared to the recent attack on Colonial Pipeline.
Attacks on large infrastructure companies have a direct impact on individuals and the economy. What is new about the cyberattacks we are seeing recently is that they result in supply shortages, which translate into rising prices in grocery stores and so hit the everyday consumer. Typical ransomware or denial-of-service attacks have little or no impact on public life; the recent attacks on privately owned critical national infrastructure hit people where it really hurts. The direct impact on the availability and price of key consumer commodities raises fears and disrupts daily life across a huge geographic region. Few attacks on traditional IT systems would have such an impact on the economy.
With the ongoing attacks on infrastructure in mind, I believe it is hard to attribute these attacks just to bad luck or coincidence. Clearly, our infrastructure and economy are under attack. In the past, criminal organizations tried to stay under the radar and avoid drawing attention from governments and intelligence agencies. Now, big game hunting seems to have become the new strategy: low-volume, high-return targeted attacks carried out right in the spotlight of international media and security agencies.
Criminals have become bold enough to go after the really big fish, regardless of whether the targeted country's government perceives the action as an attack on a military level and the responsible agencies respond accordingly. In fact, the recent cybersecurity incidents have been escalated all the way up to U.S. president Joe Biden, who is expected to raise the topic at his upcoming meeting with Russian president Vladimir Putin. The criminal group currently under suspicion is called REvil and operates out of Russia, as did DarkSide, the group behind the Colonial Pipeline attack.
Risks along the supply chain
Modern enterprises with a high degree of automation in their supply chain are heavily dependent on IT systems. A meat processing company like JBS, for instance, cannot function without documentation: an interruption directly results in legal obligations regarding food safety going unfulfilled. In recent decades, IT and production systems have moved closer together and been interconnected to achieve the best possible efficiency and a high degree of automation in the supply chain. An interruption of the central architecture therefore affects operations across the entire company. JBS had to shut down operations in the U.S. and in Australia; that could have been a preventive measure or the result of a limited ability to operate plants independently of the centralized architecture.
Within large production networks, organizations should separate systems as far as possible, allow only legitimate traffic, and create smaller network segments in which malicious software can be isolated and contained if something goes wrong. Perimeter security alone is not sufficient, because there are many attack vectors besides the perimeter. Organizations should aim for a level of defense that keeps attackers out, but once a piece of malicious software finds its way into the organization, it must be contained within a small network area. Spreading across the organization, between IT and OT, or between departments can be prevented with internal segmentation and internal network security controls.
The JBS incident has revealed problems in the agricultural and meat production sector, especially the dependence of supplies on just a few big players. From a cybersecurity point of view, though, we should expect the security level in that vertical to be similar to that of other manufacturing companies, which face similar risks.
Time to take up OT security
Implementing IT and OT security is a continuous process that requires ongoing adoption of new technologies to counter new and emerging threats. At the end of the day, it is a constant endeavor to stay a step ahead of cybercriminal organizations. The level of defense needed to protect an enterprise against such an attack requires a multilayered technical concept with a variety of IT security solutions, combined with user awareness training, appropriate documentation and emergency plans, and continuous reviews and improvements. But not all of that has to be implemented on day one.
Organizations still at the very beginning of their IT security journey should get started as soon as possible and should not try to implement everything at once. My recommendation for OT networks is to begin with segmentation, use internal firewalls instead of plain routers between segments, review all existing remote access paths, and implement a secure solution for internal staff and external maintainers to reach systems remotely, with encryption and multifactor authentication.
The IT side is part of the solution as well and requires strong protection of user and server systems. Email is the most common attack vector in IT and the biggest threat. An up-to-date backup that is separated from the production infrastructure and cannot be reached by a ransomware attack is a key requirement for remediation, and it can be the difference between paying the ransom and not. So this has to be addressed in combination with other IT security solutions. At Barracuda we help our customers with a dedicated industrial product line of CloudGen Firewall and best-in-breed email security, application security, and data protection solutions.
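To make the segmentation advice above concrete (separate IT, OT DMZ and plant-floor cells, allow only listed flows, force maintainers through an MFA-gated jump host), here is an added example that is not part of the original post and not Barracuda or JBS code. It models the zones as subnets, keeps an explicit allow-list of cross-segment flows with default deny, and audits constructed firewall flow records against it, flagging exactly the paths ransomware uses to spread: an IT workstation talking Modbus straight to a PLC, SMB from the plant floor back into IT, and RDP to an HMI from outside the jump host. The zone names, subnets, ports, and log format are all assumptions made for illustration.

```python
"""Zone-based allow-list audit for IT/OT flow records (illustrative example)."""
from __future__ import annotations
import ipaddress
import re

# Segments and subnets are assumptions for this example, not any real plant layout.
ZONES = {
    "corp_it":     ipaddress.ip_network("10.10.0.0/16"),     # office/user LAN
    "ot_dmz":      ipaddress.ip_network("10.20.0.0/24"),     # historian, patch/AV relays
    "ot_cell":     ipaddress.ip_network("192.168.50.0/24"),  # PLCs and HMIs on the floor
    "remote_jump": ipaddress.ip_network("10.99.0.0/24"),     # MFA-gated jump hosts
}

# Explicit allow-list of (src_zone, dst_zone, proto, dst_port). Everything else is denied,
# so the internal firewall between segments behaves as default-deny, not as a router.
ALLOW = {
    ("corp_it", "ot_dmz", "tcp", 443),        # IT reads the historian through the DMZ only
    ("ot_dmz", "ot_cell", "tcp", 502),        # only the DMZ collector may poll Modbus
    ("remote_jump", "ot_cell", "tcp", 3389),  # vendor RDP to HMIs via the jump host only
    ("ot_cell", "ot_cell", "tcp", 502),       # controller-to-controller Modbus in the cell
}

# Assumed key=value flow-log format; real firewalls differ, adjust the regex accordingly.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything outside known segments is untrusted."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def evaluate(line: str) -> dict:
    """Classify one flow record as allowed or denied under the allow-list."""
    m = FLOW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    src, dst, proto, dport = m.group(1), m.group(2), m.group(3).lower(), int(m.group(4))
    key = (zone_of(src), zone_of(dst), proto, dport)
    allowed = key in ALLOW
    reason = ("matches allow-list" if allowed
              else f"no rule for {key[0]} -> {key[1]} {proto}/{dport}; default deny")
    return {"src": src, "dst": dst, "src_zone": key[0], "dst_zone": key[1],
            "proto": proto, "dport": dport, "allowed": allowed, "reason": reason}


def audit(log_text: str) -> list[dict]:
    """Evaluate every non-empty line of a flow log."""
    return [evaluate(line) for line in log_text.splitlines() if line.strip()]


def denied(results: list[dict]) -> list[dict]:
    """Return only the flows that violate the segmentation policy."""
    return [r for r in results if not r["allowed"]]


# Constructed sample flow records, in the assumed format above.
SAMPLE_LOG = """\
src=10.10.5.23 dst=10.20.0.15 proto=tcp dport=443
src=10.20.0.15 dst=192.168.50.10 proto=tcp dport=502
src=10.10.5.23 dst=192.168.50.10 proto=tcp dport=502
src=192.168.50.10 dst=10.10.7.40 proto=tcp dport=445
src=203.0.113.8 dst=192.168.50.12 proto=tcp dport=3389
src=10.99.0.5 dst=192.168.50.12 proto=tcp dport=3389
"""

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        verdict = "ALLOW" if r["allowed"] else "DENY "
        print(f"{verdict} {r['src']:>15} -> {r['dst']:<15} {r['proto']}/{r['dport']:<5} {r['reason']}")
```

Run against real flow exports, the deny list is the worklist for the segmentation project: every denied flow is either a rule that was forgotten (and should be added deliberately, with the business owner named) or a path that should not exist, such as the direct internet RDP to an HMI, which must go through the jump host with MFA instead.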