Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Operational Technology. Show all posts
Operational Technology
Canada oil and gas sector Canadian Centre for Cyber Security Cyber Attacks Cybersecurity Threats Digital Transformation Operational Technology

Canada’s Oil and Gas Sector Faces Rising Cybersecurity Threats Amid Digital Transformation

 

Canada’s oil and gas sector, a vital part of its economy, contributes approximately $120 billion, or about 5% of the country’s Gross Domestic Product (GDP). This industry not only drives economic growth but also supports essential services such as heating, transportation, and electricity generation, playing a crucial role in national security. However, the increasing digital transformation of Operational Technology (OT) within this sector has made it more vulnerable to cyber threats, according to a report by the Canadian Centre for Cyber Security.

A survey conducted by Statistics Canada revealed that around 25% of all Canadian oil and gas organizations reported experiencing a cyber incident in 2019. This is the highest rate of reported incidents among all critical infrastructure sectors, highlighting the urgent need for improved cybersecurity measures in Canada. While the digital transformation of OT systems enhances management and productivity, it also expands the attack surface for cyber actors, exposing these systems to various cyber threats.

The Canadian Centre for Cyber Security's report indicates that medium- to high-sophistication cyber threat actors are increasingly targeting organizations indirectly through their supply chains. This tactic enables attackers to gain valuable intellectual property and information about the target organization’s networks and OT systems. The reliance of large industrial asset operators on a diverse supply chain—including laboratories, manufacturers, vendors, and service providers—creates critical vulnerabilities that cyber actors can exploit to access otherwise protected IT and OT systems.

The report emphasizes that cybercriminals driven by financial gain pose the most significant threat to the oil and gas sector. Business Email Compromise (BEC) schemes and ransomware attacks are particularly prevalent. Although BEC is more common and costly, ransomware remains a primary concern due to its potential to disrupt the supply of oil and gas to customers.

The evolving cybercriminal ecosystem, including ransomware-as-a-service (RaaS) models, allows even less skilled attackers to launch sophisticated attacks, resulting in an increase in successful incidents targeting the sector. The report cites the Colonial Pipeline ransomware attack in May 2021 as a stark example of the potential consequences of such cyber incidents. This attack forced the shutdown of a major fuel pipeline in the U.S., leading to significant disruptions, panic buying, and price spikes. Similar incidents could occur in Canada, jeopardizing the supply of essential products and services.

Financial Implications of Data Breaches

The report also highlights the financial implications of cyber threats. The cost of a data breach can vary significantly, with estimates suggesting it can reach millions of dollars depending on the organization's size and nature. The potential for disruption or sabotage of OT systems poses a costly threat to owner-operators of large OT assets, impacting national security, public safety, and the economy.

The Canadian Centre for Cyber Security notes that the oil and gas sector attracts considerable attention from financially motivated cyber threat actors due to the high value of its assets. Cybercriminals target not only operational systems but also valuable intellectual property, business plans, and client information. Protecting these assets is crucial, as the disruption of operations could have far-reaching consequences.

In light of these threats, the report urges organizations within the oil and gas sector to prioritize cybersecurity investments and adopt a proactive approach to risk management. Continuous training and awareness programs for employees are essential to mitigate risks associated with human error, a significant factor in successful cyber attacks.

The Canadian Centre for Cyber Security stresses the need for collaboration between public and private sectors to combat cyber threats effectively. By sharing information and best practices, organizations can better prepare for and respond to cyber incidents.

Overall, the findings from the Canadian Centre for Cyber Security highlight the pressing need for enhanced cybersecurity measures within Canada’s oil and gas sector. With cyber threats on the rise, it is imperative for organizations to take proactive steps to safeguard their operations and ensure the resilience of this critical infrastructure. The time to act is now, as the stakes have never been higher in the fight against cybercrime
Read more »
water system security
Cyber Hackers Cyber Security cybersecurity risks data security digital safety Environment IRGC Operational Technology water supply water system security

EPA Report Reveals Cybersecurity Risks in U.S. Water Systems

 

A recent report from the Environmental Protection Agency (EPA) revealed that over 70% of surveyed water systems have failed to meet key cybersecurity standards, making them vulnerable to cyberattacks that could disrupt wastewater and water sanitation services across the United States. 

During inspections, the EPA identified critical vulnerabilities in numerous facilities, such as default passwords that had never been updated from their initial setup. In response, the agency issued an enforcement alert, urging water system operators to improve their cybersecurity measures. Recommended actions include conducting an inventory of operational assets, implementing cybersecurity training programs, and disconnecting certain systems from the internet to enhance security. 

The EPA has announced plans to increase inspections of water infrastructure and, when necessary, take civil and criminal enforcement actions to address any imminent and substantial threats to safety. Under Section 1433 of the Safe Water Drinking Act, community water systems serving over 3,300 people are required to perform comprehensive safety assessments and update their emergency response plans every five years. 

The high failure rate reported by the EPA indicates potential violations of this section, highlighting missed opportunities to protect these essential services through risk and resilience evaluations. This alert follows a series of cyber incidents over the past year, where nation-state hackers and cybercriminal groups have targeted water systems. These attacks have included unauthorized access to water treatment control systems, manipulation of operational technology, and other forms of sabotage. The regulatory environment for U.S. water systems is complex, often involving state and local government oversight.

Many rural water operators, unlike their federal counterparts, lack sufficient resources to bolster their digital defenses. While the EPA has attempted to enforce stricter security mandates, these efforts have faced legal challenges from GOP-led states and industry groups. In October, the EPA rescinded a directive that would have required water providers to assess their cybersecurity measures during sanitation surveys. Nation-state adversaries, including Chinese and Iranian hacking groups, have frequently breached U.S. water infrastructure. 

China's Volt Typhoon group has been particularly active, infiltrating critical infrastructure and positioning themselves for further attacks. In one instance, Iranian Revolutionary Guard Corps-backed hackers targeted industrial water treatment systems, and more recently, Russia-linked hackers breached several rural U.S. water systems, posing significant safety risks. In March, the EPA and the National Security Council issued a joint alert, urging states to remain vigilant against cyber threats targeting the water sector. The alert emphasized that drinking water and wastewater systems are attractive targets for cyberattacks due to their critical role and often limited cybersecurity capabilities. 

Moreover, a Federal Energy Regulatory Commission (FERC) official recently testified about the vulnerability of dam systems to cyberattacks, indicating that new cybersecurity guidelines for dams could be developed within the next nine months. The EPA's report underscores the urgent need for improved cybersecurity measures in U.S. water systems to protect these vital resources from potential cyber threats.
Read more »
US-China
APT CISA Cyber Attacks DOD Military Degradation Operational Technology US Department of Defense US Military US-China

DoD Claims: China’s ICS Cyber Onslaught Aims at Gaining Strategic Warfare Advantages


According to the US Department of Defense (DoD), China's relentless cyberattacks on vital infrastructure are likely a precautionary measure intended to obtain a strategic advantage in the event of violent warfare.

The Cyber Strategy released earlier this week by DoD has mentioned an increase in the state-sponsored cybercrime from People's Republic of China (PRC), particularly against sensitive targets that could affect military responses. 

According to the agency, this is done in order to "to counter US conventional military power and degrade the combat capability of the Joint Force."

The DoD claims in their report that the PRC "poses a broad and pervasive cyberespionage threat," monitoring movements of individual beyond its borders, and further acquiring technology secrets, and eroding the capabilities of the military-industrial complex. However, the NSA cautioned that the operation goes beyond routine information collecting.

"This malicious cyber activity informs the PRC's preparations for war[…]In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources. It will also likely seek to disrupt key networks which enable Joint Force power projection in combat," the report stated.

An Increasing Chinese Focus on Military Degradation

The notion that cyber activities can signal impending military action is consistent with predictions made earlier this year in the wake of the Volt Typhoon attacks by Microsoft and others. With a series of compromises that targeted telecom networks, power and water controls, US military bases at home and abroad, and other infrastructure whose disruption would interfere with actual military operations, the Beijing-backed advanced persistent threat (APT) made national headlines in the US in May, June, and July.

However, the operational technology (OT) used by the victims has not yet been impacted by the compromises. But, CISA Director Jen Easterly warned at Black Hat USA in August that if the US gets involved in a potential invasion of Taiwan, the Chinese government may be positioning itself to launch disruptive attacks on American pipelines, railroads, and other critical infrastructure.

"This APT moves laterally into environments, gaining access to areas in which it wouldn't traditionally reside[…]Additionally, this threat actor worked hard to cover their tracks by meticulously dumping all extracted memory and artifacts, making it difficult for security teams to pinpoint the level of infiltration," says Blake Benson, cyber lead at ABS Group Consulting.

Taking into account the military-focused cyber activities that can potentially entail collateral damage to bystander business, there could also be a sort of ‘anti-halo effect’ at work, according to John Gallagher, vice president of Viakoo Labs at Viakoo.

"Virtually all exploits launched by nation-states 'leak' over to non-nation-state threat actors[…]That means organizations who depend on IoT/OT systems will be direct targets at some point to the same threats being launched against national critical infrastructure," warns Gallagher.  

Read more »
Vulnerabilities and Exploits
Operational Technology RCE Remote Code Execution Security research Vulnerabilities and Exploits

Several RCE Bugs Making Industrial IoT Devices Vulnerable to Cyberattacks


Eleven vulnerabilities in the cloud-management platforms of three industrial cellular router vendors put operational technology (OT) networks at risk for remote code execution, even when the platform is not actively set up for cloud management.

Eran Jacob, team leader of the security research team at Otorio, and Roni Gavrilov, security researcher, warn that the vulnerabilities are critical as they can be used to exploit thousands of industrial Internet of Things (IIoT) devices and networks in a variety of sectors, even though they affect devices from only three vendors, namely Sierra Wireless AirLink, Teltonika Networks RUT, and InHand Networks InRouter. 

"Breaching of these devices can bypass all of the security layers in common deployments, as IIoT devices are commonly connected both to the Internet and the internal OT network[…]It also raises additional risk for propagation to additional sites through the built-in VPN," the researchers said.

The researchers added that in case the attackers acquire a direct connection to the internet OT environment, it may further impact production and pose safety risks for users in their virtual environment.

Attackers can also use a variety of vectors to take advantage of the flaws, according to the researchers, including compromising devices in the production network to enable unauthorized access and control with root privileges, gaining root access through a reverse shell, and using compromised devices to exfiltrate sensitive data and carry out actions like shutdown.

Where the Issues Lie 

Multiple devices can connect to the Internet using a cellular network thanks to an industrial cellular router. According to the researchers, these routers are frequently utilized in industrial environments like factories or oil rigs where typical wired Internet connections would not be viable or dependable.

"Industrial cellular routers and gateways have become one of the most prevalent components in the IIoT landscape[…]They offer extensive connectivity features and can be seamlessly integrated into existing environments and solutions with minimal modifications," Gavrilov wrote in the report.

In order to give clients remote management, scalability, analytics, and security across their OT networks, vendors of these devices use cloud platforms. The researchers further noted that they discovered a number of vulnerabilities that "pertain to the connection between IIoT devices and cloud-based management platforms," which is, in some cases, enabled by default.

"These vulnerabilities can be exploited in various scenarios, affecting devices that are both registered and unregistered with remote management platforms[…]Essentially, it means that there are security weaknesses in the default settings of certain devices' connectivity to cloud-based management platforms, and these weaknesses can be targeted by attackers," they said.

Mitigation Strategies

Researchers have provided vendors of these devices as well as OT network administrators with a number of mitigation measures. They recommended that OT network managers uninstall any inactive cloud features if they are not actively using the router for cloud management in order to avoid device takeovers and minimize the attack surface.

Administrators can also restrict direct connection from IIoT devices to routers because built-in security mechanisms like firewalls and VPN tunnels lose their effectiveness after being compromised, according to the researchers.

"Adding separate firewall and VPN layers can assist with delimitering and reduce risks from exposed IIoT devices used for remote connectivity," Gavrilov added in the report.  

Read more »
Vulnerabilities
CAN Cyber Security Operational Technology Vulnerabilities

Fixing Insecure Operational Technology That Threatens the Global Economy

 


Considering the widespread technology leading to cyberattacks, the demand for work to safeguard the systems and networks also increases. Many techniques have been developed for protecting bits and bytes of computer networks, yet no such method has been discovered for strengthening the physical framework which handles the world’s economy. 

In many countries, operational technology (OT) platforms have largely polluted traditional physical infrastructures as they have been able to computerize their entire physical infrastructure, whether it is buildings, bridges, trains, and cars, or the industrial equipment and assembly lines that work hard to generate an economy's wealth. Even after so many updates in the tech world, if there is any cyberattack with new technology on things like planes or beds, it will be completely whimsy. There is a definite requirement to take proper care and actions to avoid destructive damage caused due to such attacks.  

Consider, for instance, a scenario in which our country's northeast regions are left without heat in the middle of a brutal cold snap. This is the result of an attack on an energy plant. If such an attack was carried out, imagine the enormous amount of hardship that would be caused and even death - as homes would turn dark, businesses would lose customers, hospitals would have trouble operating, and airports would be shut down. 

The first idea was that this kind of cyber threat could be a prime target for physical infrastructure when the Stuxnet virus emerged over a decade ago. At least 14 industrial sites, including a uranium enrichment plant in Iran, were infected by a malicious threat known as Stuxnet, which inserted malware into the software. 

Built-in vulnerabilities 

Operational technology manufacturers have always had a problem in which they did not design their products with security in mind when they developed them. Thus, trillions of dollars worth of OT assets are incredibly vulnerable today, which has led to tremendous financial losses. Almost all the products in this category are designed to use microcontrollers that communicate over controller area networks (CANs), which are insecure. 

As well as for passenger vehicles and agricultural equipment, the CAN protocol is used in an extensive range of other products, such as medical instruments and building automation systems. However, it does not include mechanisms for supporting secure communications. Additionally, it lacks authentication and authorization. When a CAN frame is sent, it does not involve any information about the sender's address hence the recipient's address cannot be determined from the CAN frame. 

Thus, there has been a considerable increase in the vulnerability of CAN bus networks to malicious attacks, as a consequence, especially with the expansion of the cyberattack landscape. We, therefore, need to come up with more advanced approaches and solutions to better secure CAN buses and protect vital infrastructures to better secure them. 

As we examine what can happen if a CAN bus network is compromised, let us first examine what might happen if we consider what this security should look like. Several microprocessors are interconnected by a CAN bus. They act as a communication channel that is shared by all of them. The CAN bus makes it possible for several systems within an automobile. For example, to communicate seamlessly over a common channel. The CAN bus allows the engine system, combustion system, braking system, and lighting system to operate seamlessly in communicating.

However, hackers can still send random messages in compliance with the protocol and interfere with CAN bus communication because it is inherently insecure. Consider the havoc that would ensue if even a small-scale hack of an automated vehicle occurred, transforming these cars into a swarm of potentially lethal objects, causing an unimaginable amount of disaster and mayhem. 

As much as the automotive industry is facing the challenge of designing a well build, embedded security mechanism to protect CAN, the challenge is that it must achieve high fault tolerance while keeping costs low. Ultimately, these startups will be able to defend all our physical assets, including planes, trains, and manufacturing systems from cyberattacks. 

How OT Security Would Work 

How would such a company look if it existed? By intercepting data from the CAN and deconstructing the protocol, this kind of application could enrich and alert anomalous communication traffic traversing the OT data bus. This is ranging the CAN. An operator of high-value physical equipment, having such a solution installed, would be able to gain real-time, actionable insight into anomalies and intrusions within their systems - and hence would be better equipped to thwart any cyberattacks that may occur. 

Usually, this type of company comes from the defense industry, but it can also come from other sectors. As well as having the potential to examine various machine protocols, it will also have a lodged data plane with deep foundational technology. 

A $10 billion-plus opportunity can easily be created with the right team and support. Protecting the physical infrastructure of our country is one of the most imperative obligations that we have. Hence, there is a clear need for new solutions, concentrated on hardening critical assets against cyberattacks, which can provide a practical solution to the problem.
Read more »
Subscribe to: Posts (Atom)