By Michael Rothschild, director of OT solutions, Tenable
The past few weeks have been rough for critical-infrastructure environments.
On the heels of a ransomware attack that halted Colonial Pipeline, which provides roughly 45% of the fuel on the East Coast, JBS, the largest meat-production facility in the world, shut down operations following a similar attack. There have also been recent cyber-incidents on nuclear, water and grid facilities.
While facts regarding the JBS incident are still emerging, it is the most recent example of a disturbing trend—critical infrastructure of all types are at risk.
Up until relatively recently, critical infrastructure had not been a major target for cyberattacks. However, with the convergence of IT and OT as well as the rapid adoption of IoT technology, industrial environments now face new attack vectors and larger attack surfaces that can cripple operations.
Any downtime of these mission-critical operations can cost millions of dollars; attacks also have the potential for serious economic damage—food-security issues, fuel shortages and contaminated water supplies. In turn, cybercriminals have capitalized on our global dependence on critical infrastructure by holding these systems for ransom.
Now is the time for critical-infrastructure providers to take stock of their OT security posture. There only needs to be one weak point in IT or OT operations for an attack to be successful and then proliferate across the converged environment.
The sky is not falling, but there are storm clouds on the horizon. Proactively preparing for hacks by gaining the visibility, security and control across IT and OT operations now will pay for itself by reducing risk and ensuring the safety of operations that society simply cannot live without.
