IIoT in the hacker focus: connecting IT and OT security securely


Automation and digitization of operational processes bring medium-sized companies many advantages, for example in production flexibility or market pricing. But the more successful a company is, the more attractive it becomes to cybercriminals, for example for extortion attempts with ransomware. This makes it important to combine IT and OT security securely.

In terms of IT security, medium-sized companies are now well positioned. Surveys have at times shown that medium-sized companies use up to 50 different security tools in the area of IT security to counter all IT threats. With a well thought-out security strategy, IT security covers the internal business processes, protects communication with customers via e-mail and web traffic, and generally secures the data through archiving, backup or encryption.

Many entrepreneurs are still of the opinion that the existing IT security also protects the all-important production. However, production machines and plant networks require operational technology (OT) security, because classic IT security solutions are designed differently than OT security. A comment from Stefan Schachinger, Product Manager Network Security - IoT/OT/ICS at Barracuda.

What is OT security?

A network with OT security protects all devices and machines working in it, even if they run the most exotic operating or control systems, because it is usually simply not technically possible to install protection software or an agent on the machine itself. But if a machine is able to speak "IP" (Internet Protocol) through an interface, it can be integrated into a network. Specialists call these machines the "Industrial Internet of Things", or "IIoT" for short.

As soon as a production device is within a network, it is theoretically vulnerable. Attackers then use, for example, special code that only the machine understands, send it through the network and cause damage or start blackmailing the company. But auxiliary PCs that are not specially protected are also often a target.

Known ransomware attacks on OT

An entire environment of a smart factory can be checked with a risk analysis in relation to information security according to IEC 62443 (Image: Barracuda).

The 2021 ransomware attack on JBS, the US subsidiary of JBS SA, the Brazilian company that is the world's largest meat producer, shows the digital vulnerability of today's industrial companies if they do not have adequate protection for their OT. In this case, ransomware encrypted numerous production PCs used for documentation in meat processing, which led to production downtime for days. So it was not the administration with its IT security that was hit, but the OT network, which also works with PCs. JBS paid a ransom of $11 million for its OT security failures, plus the cost of the lost production, the conversion of the OT network, and the purchase of a new security solution in record time.

Another well-known case is the attack on the American fuel supplier and pipeline operator Colonial Pipeline, in which attackers managed to infiltrate the pipeline monitoring layer and place ransomware there. At the direction of the plant manager, the employees shut down the pipeline. This cut off the main source of gasoline, diesel and heating oil for the east coast of the USA, and a critical infrastructure (KRITIS) supplier was paralysed. The pipeline only went back into operation after a ransom of $4.4 million was paid to the attacker group DarkSide.

Pay ransom or not?

The question of whether the affected company should pay the ransom in the event of a successful ransomware attack is not answered unanimously, even by specialists. Companies must be aware that every euro paid can finance another attack. The politically correct answer is therefore: don't pay. Not paying also reduces your own attractiveness as a repeat target in the future.

In practice, the case is different. If a company's very existence is at stake, everyone will immediately agree to a payment. Because if essential data is no longer accessible or can no longer be restored with reasonable effort, a company is left with few options.

The payment of the ransom is therefore less a moral than a commercial decision. And it does not remove the need for forensic investigation and clean-up afterwards, in addition to new safeguards against further attacks. It is all the more advisable to invest in prevention while you still can.

Implementing OT security with external experts

Stefan Schachinger, Product Manager Network Security - IoT/OT/ICS at Barracuda (Image: Barracuda).

Against the background of constantly increasing threats, manufacturing SMEs have to rethink OT security and examine their situation. How endangered is the current production site? Are the networks separate, linked and accessible from the outside? Is there any decent OT security at all, and when was it last checked?

Companies cannot answer many of these questions themselves, but need external advice, including test attacks and an evaluation of the vulnerability. It is therefore best for companies to reconsider and check their OT security structures when planning a new building or a conversion of the company.

This can be illustrated using the example of planning and implementing the protection of an offshore wind farm. Every device in the network, whether small or as large as a whole wind turbine, is seen as an IoT device (Internet of Things) and protected within the network. All communication in the network is monitored, with access evaluated according to rights or analyzed for anomalies. If necessary, parts of the network can be isolated or access blocked immediately. Modern production technologies should therefore always work together with modern OT protection technologies.

Intelligent linking of IT and OT security

The linking of OT and IT opens up new opportunities for industry, but also leads to a multitude of cybersecurity threats. Therefore, companies need a comprehensive security strategy that considers the entire security lifecycle from production to business operations in order to safely exploit the full potential of automation and digitization.
