Ransomware on OT Networks?
- Sep 10, 2019 9:46 pm GMT
There has been a significant increase in highly visible ransomware attacks in 2019, most notably against several city governments and schools that have either paid the ransom or spent significant time and effort rebuilding their Information Technology (IT) infrastructure. Since many of these attacks are against well-known servers and applications, many owners and operators of Operational Technology (OT) systems that utilize specialized software and hardware may believe that there is little ransomware risk for OT systems.
However, as the OT and IT environments continue their inevitable march towards convergence, there are growing signs that OT environments are becoming more vulnerable to a ransomware attack. For example, the Human Machine Interface (HMI) used to provide operations staff with a common interface into the control system is now more likely than ever to run a Microsoft Windows operating system. The use of IT in the traditional OT environment is also seen in the data historian area, where database servers and storage systems originally designed for an IT environment are now located on the OT network to support new applications such as data analytics and machine learning.
Malicious groups are also hard at work developing new types of malware focused on OT networks and protocols, as seen in the modular attack framework known as TRITON. As OT networks become more important for management, system protection and efficiency under a new electric power generation model consisting of distributed energy resources, the risk of ransomware will grow in step.
OT owners and operators need to continually evaluate their environments for new services and technologies that may elevate their risk of ransomware and adopt the same level of disaster response and recovery preparedness that they have for their SCADA or control system devices. These measures will help minimize the impact of any malware attack, including ransomware.