In June 2020, Honda was forced to shut down two automotive plants due to a ransomware attack. The company was quick to reassure the public that there had been no leakage of personally identifying data, like customer passwords or credit cards. But the damage, both financial and reputational, was already done.

Today’s headlines are littered with news of cyber-attacks. So much so that most of us barely notice anymore. But the Honda attack seems to point to a sea change. Instead of targeting IT systems first, then moving on to operational technology (OT) and industrial control systems (ICS), hackers are now hitting OT first.

Why go after OT systems? Hackers are well aware that…

  • Connectivity has been increasing across industrial control systems (ICS).
  • OT systems are less secure than many IT systems.
  • OT systems are not secured by most conventional cyber security solutions.

Which industries are being increasingly targeted by threat actors, including some at the nation-state level? Essentially, anywhere that vulnerable OT systems are in place, including transportation, oil and gas, manufacturing, energy, and utilities.

The increase in connectivity among OT devices and systems helps keep your critical industrial processes up-to-date and running smoothly. But it also risks exposing all your OT-related devices and facilities. The more interconnected these systems are across manufacturing and critical infrastructure facilities, the greater the potential that cyber-attacks could cause major disruption and damage.

Let’s explore what makes OT devices more vulnerable, then examine why protecting them is critical.

Why Are OT Devices More Vulnerable?

Operational technology (OT) devices are essentially electronic tools used to manage, monitor, and maintain industrial operations, including equipment and other assets as well as processes. This technology developed in parallel to mainstream IT, albeit completely separately since it emerged directly in response to needs within the industrial sector.

In industry, OT takes the form of sensors, actuators, robots, and programmable logic controllers (PLCs). Originally developed by industrial equipment vendors for performance and safety, these devices were mainly seen as “shop floor” equipment without much intelligence. At the time, security was a complete non-issue: the devices couldn’t be hacked because they weren’t online. Within this completely separate realm, there was no need for any security policies or system management.

Today, OT has changed radically. More and more manufacturers are seeing the benefits of bringing their OT devices online, allowing them greater control over processes, greater sophistication in their analysis and optimization, and faster alerts when problems arise.

Understanding the origin of OT helps us understand why these devices are inherently more vulnerable:

  • A typical industrial network includes devices from multiple manufacturers.
  • These devices are created with weak or hardcoded passwords.
  • They are operated and managed by manufacturing rather than IT.
  • Their software often can’t be updated or patched, or the devices can’t be taken offline long enough to apply updates.
  • IT doesn’t have full transparency into the range and type of devices functioning within OT.

This last point is probably the most important. While IT is charged with managing your overall security posture, in most organizations, OT devices fall through the cracks, creating a general lack of security consciousness about how to deal with them. Then, when connected to the outside world, they become the weak link in a security chain that ultimately puts your whole organization at risk.

Once hackers have managed to penetrate your organization, they can choose to remain on the OT side of things or move laterally to IT and mission-critical business devices. From inside your network, hackers can steal intellectual property and other protected data; covertly monitor internal network traffic, obtaining confidential information and trade secrets; take control of critical manufacturing operations and building infrastructure—or a combination of these.

According to a Deloitte report on cyber risk in manufacturing, an attack can result in “loss of valuable ideas and market advantage to financial and reputational damage — particularly in cases where sensitive customer data is compromised.”

Why Is Protecting OT More Critical Now Than Ever Before?

Recognizing the vulnerability of OT, hackers have begun changing their modus operandi. Formerly, if they wanted to impact operations, they’d target IT first, then move laterally toward OT. Today, this has changed—many hackers are targeting OT first, recognizing that OT is usually more vulnerable.

Additionally, new strains of malware, such as EKANS, are being developed to directly target OT and take advantage of its specific vulnerabilities. While ICS malware is still relatively rare in the wild, it will almost certainly increase in the near future with the success of a few recent high-profile attacks—such as Triton/Trisis and Industroyer—targeted at ICS.

But the biggest reason you need to act now to protect your OT devices? Because no one truly knows the scope of the problem. And that’s because most companies that fall victim to OT cyber-attacks don’t go public with the news.

When a Norwegian aluminum manufacturer was hit with a massive ransomware attack in 2019, shutting down plants for weeks and costing up to $110 million in production, they bucked the trend: They shared all the details in an effort to help other companies. “You really don’t believe it,” said a senior VP with the company, still reeling from the shock of the attack.

But when security journal CyberScoop called other manufacturers in the U.S. and the EU who’d reportedly been hit by similar attacks, not a single one was willing to comment due to the stigma attached to being breached.

Their silence is dangerous. Not hearing about attacks does not mean they aren’t happening, and your organization might be next.