Operational technology under threat


Amid the Covid-19 pandemic, it’s clear that hackers are hoping to capitalize on public fear. Whether for financial gain, data hoarding or espionage, hackers are targeting individuals and institutions through a range of attack methods related to the virus.

In the first three months of 2020, more than 16,000 domains were created relating to Covid-19. Unfortunately, about half of them – often appearing to be a genuine information website – can inject malicious software into a person’s device. Malware can compromise a system and steal or even delete available data, modify a system’s core functionalities, and secretly track a victim’s activities.

While Covid-19 is a new vector for hackers to tie into, another growing area of concern is operational technology (OT) – the tools used to control complex systems like energy grids and traffic signaling. Bringing systems online that were not originally designed for it can be tricky and, if not done right, can leave businesses vulnerable to machines being taken offline by hackers or used as a way into the company’s wider network. Protecting OT systems can genuinely mean keeping people alive, so companies must not approach it with a strategy developed for data-centric IT systems; instead, they must integrate their IT and OT protection strategies effectively.

How has Covid-19 changed the security landscape?

Since the outbreak of the Covid-19 pandemic, many businesses around the world have moved to employees working from home – often with little notice or preparation. As a consequence of vast numbers of employees accessing networks and sensitive data from various locations around the world, there has been a significant increase in the risk to cybersecurity. Some workers who are now reliant on unknown personal devices and unsecured networks could effectively become a backdoor to their wider company’s IT network, putting a target on their backs for cyberattacks.

While the pandemic hasn’t necessarily changed how cybercriminals operate, we’ve seen a radical shift in where and when they launch their offence. As the virus developed and spread across the world, so too did the attacks. Those related to Coronavirus first appeared in Asia, and then later Eastern and Western Europe.

Is the UK’s Critical National Infrastructure vulnerable to cyberattacks?

The UK’s critical national infrastructure (CNI) has long been a target for those seeking to disrupt or cause damage to the UK. What’s different now is the impact Covid-19 has had. Since the outbreak of Covid-19, additional cyber support has been installed around Government infrastructure, like the NHS, as hackers have targeted it in abundance. Our Cyber Threat Intelligence team has found that the biggest threat to hospitals at the moment is ransomware attacks, which can paralyze a hospital and lead to patient deaths. This critical situation often leads victims to be more willing to pay the ransom, a fact that cyber-criminals take advantage of.

From a wider CNI perspective, such as nuclear power stations, airports and energy grids, a greater issue has been managing these systems remotely as lockdowns have been imposed.

Does the UK have a cybersecurity skills problem?

Cybersecurity isn’t based on just one skill; it’s a range of complex skills, and different roles require a different set of capabilities. OT security, for example, is more often than not an engineering challenge as much as it is a cybersecurity one, as you are regularly dealing with systems that were never intended to be connected. This can make it very difficult when recruiting for a cybersecurity role, especially when there is a clear need for more talent within the industry.

According to (ISC)², there are estimated to be over four million jobs in the cybersecurity industry unfilled globally, and this skills gap is growing. While there is no quick fix, the industry must continue to focus on educating companies on what skills they should be looking out for in people, while teaching their own employees about possible threats to look out for and how to safeguard their data, including the ability to spot attacks or suspicious behavior.

Is board engagement still an issue for cyber professionals?

For a long time, the biggest battle IT leaders had was increasing board awareness around taking the threat of security seriously, but finally their encouragement to address security solutions is cutting through. However, while security professionals on the traditional IT management and data protection side are gaining traction, those tasked with securing OT face a bigger battle. Put simply, how secure their factory is does not currently register as a board-level issue. Things are changing, though, and companies are starting to become more aware of the operational productivity risk of bringing systems online and the threats posed to them as a result. Looking ahead, expect this to be addressed more at boardroom level in years to come.

  • Gareth Williams, Vice President - Secure Communications & Information Systems UK, Thales.

Gareth Williams is Vice President - Secure Communications & Information Systems UK, Thales. He is responsible for the Communications and Cyber Security businesses of Thales in the UK. Gareth is a member of the Cyber Security Management Committee for Tech UK.