When Colonial Pipeline CEO Joseph Blount testified before the US Congress, he revealed that the attack was entirely avoidable: Blount admitted that DarkSide gained access through a VPN account that did not require multi-factor authentication.
As IT and OT networks continue to converge, organizations need to understand how these networks are connected.
Programmable Logic Controllers (PLCs) are the devices on the OT side that read sensor inputs and drive physical outputs, and they talk to engineering workstations and HMIs over the organization's network. That traffic can be analyzed at the packet level to detect anomalies or signatures of known attacks. Upon detection of an incident on the IT network, an organization should quarantine compromised devices and block all communication between IT and OT until the scope is understood.
This approach requires network monitoring and enforcement tools to identify current network communications, detect threats and violations, and enforce segmentation rules.
The Oldsmar water treatment plant attack is evidence of how much remote access into OT has grown since the pandemic. Organizations need to ensure that only approved remote access connections are allowed, by continuously monitoring protocols such as VNC, SSH, RDP and commercial remote-support tools. Oldsmar got lucky, because an operator happened to be watching the screen when the setpoint changed, but many other OT systems in similar treatment plants lack the visibility security teams need to identify these attacks.
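As an added example (not code from the original post), the script below does in miniature what the two paragraphs above ask a monitoring tool to do: it parses flow records, flags remote-access sessions into the OT zone that are not on an explicit allow-list, flags industrial-protocol traffic that originates outside OT, and lists every IT/OT crossing that an incident lockdown would have to cut. The network ranges, port-to-service mapping, allow-list and the flow log lines are all constructed for illustration and are not from any real plant.

```python
"""Flag remote-access and IT-to-OT flows that violate a segmentation policy.

Added example, not part of the original post. All addresses, ports and the
flow log below are constructed; adjust them to the real network plan.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumed network plan: IT users on 10.10.0.0/16, OT (PLCs, HMIs) on 192.168.100.0/24.
IT_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("192.168.100.0/24")

# Remote-access services on their default ports (TeamViewer's 5938 is an assumption
# based on its documented default; the others are the well-known ports).
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}
# Industrial protocols that only OT hosts should be speaking.
OT_PROTOCOL_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Approved remote-access paths as (source, destination, port). Assumption: one
# IT jump host may reach the engineering workstation over RDP and nothing else.
APPROVED_REMOTE_ACCESS = {("10.10.5.10", "192.168.100.20", 3389)}

# Constructed flow records: timestamp, source, destination, destination port, protocol.
SAMPLE_FLOW_LOG = """\
2021-02-05T13:02:11Z 10.10.5.10 192.168.100.20 3389 tcp
2021-02-05T13:04:52Z 10.10.7.33 192.168.100.20 5900 tcp
2021-02-05T13:05:03Z 203.0.113.45 192.168.100.20 5938 tcp
2021-02-05T13:06:40Z 10.10.7.33 192.168.100.11 502 tcp
2021-02-05T13:07:15Z 192.168.100.20 192.168.100.11 502 tcp
2021-02-05T13:08:00Z 10.10.7.33 10.10.8.9 443 tcp
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated flow lines; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto))
    return flows


def zone(ip: str) -> str:
    """Classify an address as OT, IT or EXTERNAL by the assumed network plan."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_NET:
        return "OT"
    if addr in IT_NET:
        return "IT"
    return "EXTERNAL"


def evaluate(flow: Flow) -> list[str]:
    """Return policy findings for one flow; an empty list means the flow is allowed."""
    findings = []
    src_zone, dst_zone = zone(flow.src), zone(flow.dst)
    if dst_zone == "OT" and flow.dport in REMOTE_ACCESS_PORTS:
        svc = REMOTE_ACCESS_PORTS[flow.dport]
        if (flow.src, flow.dst, flow.dport) not in APPROVED_REMOTE_ACCESS:
            findings.append(f"unapproved {svc} into OT from {src_zone} host {flow.src}")
    if src_zone != "OT" and flow.dport in OT_PROTOCOL_PORTS:
        findings.append(f"{OT_PROTOCOL_PORTS[flow.dport]} request from {src_zone} host {flow.src}")
    if src_zone == "EXTERNAL" and dst_zone == "OT":
        findings.append(f"direct external access to OT host {flow.dst}")
    return findings


def analyze(text: str) -> list[tuple[Flow, list[str]]]:
    """Run the policy over a flow log and keep only flows with findings."""
    report = []
    for flow in parse_flows(text):
        findings = evaluate(flow)
        if findings:
            report.append((flow, findings))
    return report


def lockdown_candidates(text: str) -> list[Flow]:
    """Flows that cross the IT/OT boundary in either direction, i.e. everything an
    incident-response lockdown would cut, approved remote access included."""
    return [f for f in parse_flows(text)
            if {zone(f.src), zone(f.dst)} >= {"OT"} and zone(f.src) != zone(f.dst)]


if __name__ == "__main__":
    for flow, findings in analyze(SAMPLE_FLOW_LOG):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport}")
        for f in findings:
            print(f"    ALERT {f}")
    print("IT/OT crossings to block during lockdown:", len(lockdown_candidates(SAMPLE_FLOW_LOG)))
```

Run against the sample log, the approved RDP session from the jump host and the OT-internal Modbus poll pass cleanly; the VNC session from an ordinary IT workstation, the TeamViewer session from an Internet address and the Modbus request from IT are each reported. Note that the lockdown list includes the approved jump-host path as well: during an IT-side incident the post's advice is to cut the boundary entirely, not only the unapproved flows.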
Iran's railway operator learned last July that its IT network harbored a host of preventable vulnerabilities. Train systems rely on critical OT systems that integrate with IT systems and include everything from signaling solutions to sensors and brake unit devices. These endpoints connect to the network and run software that collects data and reports back to network operations centers.
To enable this communication, connected devices rely on the TCP/IP stack. Forescout research has revealed nearly 100 vulnerabilities across more than a dozen TCP/IP stack implementations.
When it comes to the shared responsibility of securing third-party software, organizations need to become proactive in their vendor security assessments. The industry should reward vendors that have secure software design lifecycles and exploit mitigation, but it should not stop there.
As an industry, we need to move towards zero-trust policies that grant devices least-privileged access, backed by rigorous access management processes that apply to all computing environments, be they mainframe, OT or hybrid cloud IT.
Those who act now will have less to worry about when new regulations are introduced. Organizations that have learned the lessons of network segmentation, visibility and third-party risk assessment will be better prepared to minimize the impact and likelihood of similar incidents happening to them in the future.
"Slip slidin' away. Slip slidin' away. You know the nearer your destination, the more you slip slidin' away."
Posted By Steve King
Steve King is the managing director of CyberTheory, a full-service cybersecurity marketing advisory firm. King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 19 years.
Steve has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group. He has been granted engineering patents encompassing remote access multi-factor authentication using adaptive machine learning, applied cyber-threat intelligence networks, a universal IoT security architecture, contextual semantic search technologies, web-enabled multimedia transfers, image capture and database smart query processing.