Cybersecurity for operational technology: Part 3

Issue 7 2021 Information Security, Industrial (Industry)


Bryan Baxter.

According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes(1). To remain competitive, manufacturing companies are increasing their reliance on suppliers to help adopt 4IR innovations such as artificial intelligence, machine learning, IoT and big data.

This has exponentially increased risks from a cybersecurity perspective. As supply chains have become integrated, interconnected and increasingly complex, supply chain cyber-attacks are on the increase as they are very effective. Suppliers are most likely the second or third biggest risk in terms of cybersecurity.

The SolarWinds hack

A supply chain attack targets third-party suppliers who already have access to their customers’ systems. This is easier than trying to hack customers’ systems directly. This is effective as it hides the malware inside trusted software which is then distributed to thousands of customers.

A recent example is the SolarWinds hack, one of the largest ever recorded cyber-attacks(2). SolarWinds provides tools for thousands of organisations to monitor their IT networks and infrastructure systems. Early in 2020, hackers used an inadvertently sent out software update to customers that included the hacked code(3). The exploit created a backdoor through which hackers could gain access to customers’ IT systems.

Hackers could then access system files, exfiltrate or alter data and impersonate user accounts. The backdoor could also be used to install more malware, allowing them to escalate and maintain their hold on IT systems. The malware went undetected for months. This affected up to 18 000 customers, including critical agencies in the US government. More than 80% of the targets were Fortune 500 companies, i.e. Microsoft, Cisco, Intel and Deloitte.

This was a complex attack and required material resources. Nation-state hackers are believed to have been responsible, i.e. Russia’s Foreign Intelligence Service, known as the SVR. The real danger to enterprises is that once this approach has been used, it is out in ‘the wild’ and can be re-used or modified by other groups with far fewer resources.

Supply chain attacks are only one of the cyber risks from third-party suppliers. Here are a few more to take note of:

• New vendors and technologies are emerging all the time. IoT devices are a major concern as the focus is mass-producing low-cost connected devices, not protecting customers from cybersecurity threats.

• Support staff accessing your systems on-site or remotely with insecure connections or devices. This can introduce malware or open your systems to new vulnerabilities.

• Insecure software development can result in software being installed that can be easily exploited. This is especially risky with Internet-facing systems.

• Improperly trained support staff who neglect to apply basic security configurations.

• Insecure configurations of cloud and or software as a service are also common.

Assessing the risks

Regular risk assessments need to be conducted on third-party providers to address all the potential risks that they can introduce to your organisation. This will identify, assess, measure and monitor any risks associated with the relationship. The next step is to implement mitigating controls to address the risks. Third-party providers need to be effectively managed throughout the whole ‘vendor lifecycle’, from selection and on-boarding to off-boarding. Suppliers need to be challenged about their approach to cybersecurity and what security certifications and frameworks they have adopted. If they develop software or are a cloud or SaaS provider, they should have mature, secure development processes and apply cloud security principles(4).

Secure development applies fundamental, sound and secure software development practices based on established best-practice documents from organisations such as BSA, OWASP and SAFECode(5). If they do not have anything in place, they should commit to a prioritised roadmap to improve their cybersecurity posture.

Procurement and IT should build a cyber-reputation scorecard and avoid suppliers with a poor record. This will require effective and regular threat intelligence. Threat intelligence is information that helps organisations understand, identify, prevent and respond to security threats(6). Supplier contracts should be updated to address cybersecurity and introduce penalties if breaches result from negligence.

Targeted cybersecurity training should be conducted for OT and procurement staff. Adopting a best-practice cybersecurity framework is important. This provides an holistic view of what is needed and will help establish your organisation’s current level of maturity and provide a roadmap for improvement going forward. This will be covered in detail in the next article.

For more information contact Bryan Baxter, Wolfpack Information Risk, +27 82 568 7291, [email protected], www.wolfpackrisk.com

References

(1) WEF, 2021 Advancing Supply Chain Security in Oil and Gas: An Industry Analysis http://www3.wweforum.org/docs/WEF_Advancing_Supply_Chain_Security_in_Oil_and_Gas_2021.pdf

(2) Business Insider, 2021 - The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal, https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?IR=T

(3) Chatham House, 2021 - The SolarWinds hack: A valuable lesson for cybersecurity, https://www.chathamhouse.org/2021/02/solarwinds-hack-valuable-lesson-cybersecurity?gclid=EAIaIQobChMIhOT948Lp8gIVGqd3Ch0fTw0_EAAYBCAAEgJjZvD_BwE

(4) Cloud Security Alliance, https://cloudsecurityalliance.org/

(5) NIST, 2021 - Secure Software Development Framework, https://csrc.nist.gov/projects/ssdf

(6) ZeroFOX, 2021 - What is External Threat Intelligence, https://www.zerofox.com/blog/what-is-external-threat-intelligence/


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.