Highly vulnerable - that is the expert comment by Max Rahner, Sales Director DACH of the cybersecurity provider Claroty, on the attack on the petrol station supplier Oiltanking and other fuel supply companies such as SEA-Invest in Belgium and Evos in the Netherlands.
Last week brought back memories of May 2021, when one of the largest oil pipelines in the USA had to be taken offline as a result of a cyber attack. Even if the current attacks on Oiltanking in Germany, SEA-Invest in Belgium and Evos in the Netherlands do not have the same consequences as the Colonial Pipeline incident, they are nevertheless extremely interesting and show us our vulnerability. Above all, they make it clear how important cyber security is in the supply chain.
The supply chain is vulnerable
Oiltanking operates 13 tank terminals in Germany and until recently was largely unknown to the German public but is part of the supply chain for large companies like Shell as well as many smaller companies. Even if all of these companies had already rolled out the best possible cybersecurity concept, they can still be hit by this attack on their supply chain in the form of Oiltanking. And this affects almost every industry: We had a similar scenario in the attack on the automotive supplier Eberspächer at the end of October 2021, which feared supply bottlenecks for heaters and exhaust systems.
Delivery bottlenecks as a further risk
Supply chain cybersecurity needs to become part of every organization's security and risk management approach. You need insight into the critical suppliers, their security approach and a business continuity plan. The new IT Security Act 2.0 already addresses this issue by extending the requirements for companies of significant economic importance to all their suppliers who are crucial for business continuity.
This is all the more urgent as the ransomware attacks are not expected to end anytime soon. Ransomware continues to promise huge financial gains for cybercriminals. In addition, there are tensions between states, in which cyber attacks are increasingly used as a tactical means. Recent research has shown that almost every second ransomware attack in Europe also disrupts operational technology (OT) and industrial control systems (ICS). Against this background, we will probably have to be prepared to get to know other previously unknown suppliers under inglorious circumstances.
More at Claroty.com
About Claroty Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.