Cyberattacks Strike Infrastructure and Manufacturing
Infrastructure and manufacturing concerns pose tempting targets for cyberattacks. When considering Cyber Security first thoughts usually go to computers and information technology, but industrial devices and processes can fall victims to attacks. On February 18, 2020 the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) reported on a cyberattack that effected the Operational Technology (OT) of a natural gas compression facility. This event led to a controlled shutdown that lasted for about two days. The attack involved ransomware using a Spearphishing Link. The event was finally rectified when replacement equipment was installed and configurations reloaded. Perhaps the biggest takeaway from this event is that the facility’s emergency response plan focused on physical emergency scenarios and that no plan was in place for cyber incidents.
A Large and Serious Problem Not Easily Solved
Most industrial sites were constructed before the age of cybersecurity. Where information technology has been introduced, legacy systems are often in place with little or no IT support. Many facility managers or maintenance personnel have insufficient expertise in IT and requisite cybersecurity protocols. This has created systems with high vulnerabilities that are extremely difficult to secure. These type of attacks have occurred at petrochemical facilities, and even nuclear power plants, making this a very real threat beyond the immediate sites.
While remedying technology security deficiencies and addressing critical personnel IT shortages are necessary, developing effective cybersecurity management systems capable of handling massive and complex systems is a more critical and less easily solved problem. This would involve developing a fully comprehensive analysis of vulnerabilities and development of risk management based strategies. It would also involve extensive incident mitigation planning. While cybersecurity management systems such as ISO 27001 exist, implementation of an effective program for a complex industrial site requires serious effort and planning to undertake.
CVG Strategy consultants provide training to make your entire team aware of cyberattacks and how to employ processes to prevent these threats. We can assist with reviews of policies, risk assessment approaches, and best practices to build management systems capable of handling complex cybersecurity requirements.