

Ransomware on OT Networks?

There has been a significant increase in highly visible ransomware attacks in 2019, most notably against several city governments and schools that have either paid the ransom or spent significant time and effort rebuilding their Information Technology (IT) infrastructure. Because many of these attacks target well-known servers and applications, many owners and operators of Operational Technology (OT) systems that use specialized software and hardware may believe that OT systems face little ransomware risk.

However, as the OT and IT environments continue their inevitable march towards convergence, there are growing signs that OT environments are increasingly vulnerable to a ransomware attack. For example, the Human Machine Interface (HMI) that gives operations staff a common interface into the control system is more likely than ever to run a Microsoft Windows operating system. The use of IT in the traditional OT environment is also seen in the data historian area, where database servers and storage systems originally designed for an IT environment are now located on the OT network to support new applications such as data analytics and machine learning.

Malicious groups are also hard at work developing new types of malware focused on OT networks and protocols, as seen in the modular attack framework known as TRITON. As OT networks become more important for management, system protection and efficiency under a new electric power generation model consisting of distributed energy resources, the risk of ransomware will grow in step.

OT owners and operators need to continually evaluate their environments for new services and technologies that may elevate their risk of ransomware, and adopt the same level of disaster response and recovery preparedness that they have for their SCADA or control system devices. These measures will help minimize the impact of any malware attack, including ransomware.

Posted by Jeff Pack



Matt Chester on Sep 10, 2019 9:56 pm GMT

That's scary how many have paid the ransom, since that only encourages the practice. I can't imagine the PR nightmare if a large utility fell prey and ended up paying the ransom. 
