OT/ICS News Roundup – Week of 2.20.17

We’re going to start compiling a news round-up of interesting developments in the OT/ICS space starting………….now! 

 Here are a few stories that turned our heads over the past few days:

Georgia Tech Researchers Use Ransomware to Command PLCS From the article: 

 “Cybersecurity researchers at the Georgia Institute of Technology have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings.” 

Our Take: We’re increasingly concerned about the threat of ransomware in OT/ICS environments. Early warning signs are that cyber criminals will soon be playing in this space. Leaving alone nation-state “cyber-war” scenarios, the potential is quite real for criminals to disrupt production and impact the economy through ransomware attacks on OT/ICS

http://www.news.gatech.edu/2017/02/13/simulated-ransomware-attack-shows-vulnerability-industrial-controls 

Ransomware Exploding Thanks to Bitcoin Anonymity From the Article: 

 “And ransomware is moving on to bigger targets. The focus is increasingly on places like hospitals, which have restrictions on what they can do with patient data. The bad guys find out where the computer backups are stored, they penetrate them and encrypt them, and then they hold the data for ransom. Cyber attackers held an Austrian hotel network for ransom. The criminals demanded $1,800 in Bitcoin to unlock the network while preventing guests from checking in and out of the hotel and locking them out of their guest rooms. The hotel paid up. A crypto ransomware attack also hit San Francisco’s Municipal Transportation Agency as an infection spread across the Muni system’s networks, taking down ticketing systems. The criminals asked for $73,000 in exchange for restoration of the Muni data.”

Our Take: See first story above – we provide this as additional support for our concern. Granted, the attacks referenced in the quote pull weren’t directed at PLCs – but you get the point. The threat is coming…and unlike IP theft, the impact of attacks will be immediate and reverberate widely through our economy. Not being FUD-DY…trying to get the word out.



http://venturebeat.com/2017/02/19/ransomware-has-exploded-because-of-bitcoins-anonymity/

Ponemon/Siemens Study – The State of Cyber Security in Oil and Gas  From the Study:Study Reveals Cybersecurity Readiness Gaps in America’s Oil and Gas Industry
  • 68 percent of respondents said their operations have had at least on security compromise in the past year
  • Only about one-third of U.S. oil and gas cyber managers rate their organization’s readiness as high
  • 59 percent believe there is a greater risk to operational technology than to IT

Our Take: We aren’t at all shocked by these findings as we spend a ton of time working with Oil and Gas companies. They struggle to address the gaps in their OT security just like any other industry but have unique complexities related to their environments. We outline some of these problems and our solution to them in this case study – read it and read the Ponemon results below…

https://siemensusa.newshq.businesswire.com/sites/siemensusa.newshq.businesswire.com/files/doc_library/file/Cyber_readiness_in_Oil__Gas_Final_4.pdf