When most people think of cybersecurity or cyber attacks, they typically think of malicious activity targeting sensitive IT (information technology) assets. These assets often contain highly-valuable data that can be stolen, sold, or held for ransom by a motivated adversary.
But what about the OT (operational technology) that controls critical elements that we rely on everyday? What threats are present and what does a cyber attack on an OT system look like?
Here’s an example: Think about all of the physical items in your home that are connected to a network: wireless thermostats to control temperature, garage door remotes, smart door locks that allow you to lock (or unlock) your front door from your phone.
See where we’re going with this?
Now think about the specific OT technology that connects electronic subsystems and controls mechanical functionality in energy facilities, airplanes, trains, autonomous vehicles, water treatment plants, fuel pipeline operators, and military weapons systems. How secure are these systems?
The Colonial Pipeline attack that occurred in recent news continues to impact the lives of millions of Americans, leading to increased buying at the fuel pumps, which has contributed to fuel shortages and increased prices. Even though operations at Colonial have resumed, truckers are not able to transport fuel fast enough to meet the panic-driven demand and it will be weeks before supply chain operations return to normal.
“The six-day Colonial Pipeline shutdown was the most disruptive cyberattack on record, which underscored the vulnerability of vital U.S. infrastructure to cybercriminals.” – Reuters.com
According to the Wall Street Journal, “The company said Monday that the hack affected only its information technology, rather than control systems used to run the pipeline, and that it aims to restore substantial service by week’s end.” Although Colonial Pipeline has not released information regarding how the breach occurred, we do know that this attack was detrimental to their operations… and this is not an isolated incident. Earlier this year, there was an OT attack in the Oldsmar Water Supply in Florida when a disgruntled employee attempted to inject 100x the safe level of lye into the Oldsmar Florida water supply. Thankfully, a plant operator noticed that someone was remotely operating his computer, clicking through the water treatment plant’s controls and changing settings. He spotted the intrusion, remediated the dangerous settings, and alerted safety personnel of the problem.
These are prime examples of attacks that have been happening for 20+ years, but the rate, severity, and classes of assets are expanding.
“The increase in OT attacks is the result of two trends. First, critical infrastructure and fleet assets have become more and more digital over time. Second, we’re commingling IT and OT at an ever increasing rate. This gives attackers the ability to have real world impacts at a greater rate than ever.” – Josh Lospinoso, CEO & Cofounder of Shift5
Cyber Vulnerability in Transportation
Another example of critical infrastructure vulnerable to cyber intrusions is within the transportation sector, such as rail fleets (see Can a Train Be Hacked?). This equipment is reliant upon onboard embedded computers that run software and firmware, which can be compromised by motivated adversaries. There are few, if any, existing cybersecurity monitoring solutions and the transportation industry hasn’t invested or deployed technologies to control software and firmware configurations onboard.
We, at Shift5, are driven to educate the public of these vulnerabilities within transportation and work toward a solution with industry leaders. Our findings and research highlight the current situation and the issues faced to improve onboard cyber monitoring of embedded computers and control networks that underpin many transportation vehicles such as locomotives and airliners.
In light of the recent news, President Biden has signed an Executive Order charting a new course to improve the Nation’s cybersecurity and protect federal government networks. Among the requirements include implementing a cyber incident response playbook and detection system to monitor for suspicious activity.
“Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.” – The White House Briefing Room
At Shift5, our founders were among the first to pioneer several devastating penetration tests of major Department of Defense (DoD) weapons systems, and their efforts as Cyber Officers resulted in the National Defense Authorization Act 1647, which mandated a Department-of-Defense-wide weapon-system cybersecurity assessment. Today, we are conducting Cyber Security Risk Assessments (CSRA’s) within various industries and delivering OT security solutions to protect critical infrastructure from cyber attack.
Learn More About Shift5 for Rail and Shift5 for Military