Last June 9, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released the Rising Ransomware Threat to OT Assets, which addresses the recent rise in ransomware attacks targeting operational assets (OT) and control systems.
The guidance provides steps to prepare for, mitigate against, and respond to attacks. It also identifies how dependencies between an enterprise’s IT and OT systems can give attackers a path. Lastly, the document thoroughly explains how to decrease the risk of severe business degradation if affected by a ransomware attack.
To prepare for ransomware attacks, CISA recommends enterprises determine their critical operational processes’ reliance on key IT infrastructure and identify a resilience plan for when access control is lost. They should also exercise an incident response plan and Implement regular data backup procedures on both IT and OT networks.
For mitigating and responding to an attack, organizations must practice good cyber hygiene by updating software, implementing an allow listing, and enabling strong spam filters. Organizations must also identify which systems were affected and immediately isolate them and triage the impacted systems for restorations and recovery. They must also confer with teams to develop and document what has occurred.
According to the agency, critical infrastructure owners and operators should also adopt a “heightened state of awareness”. CISA also encourages them to identify critical processes that must not be interrupted to provide essential services, develop and regularly test workarounds and/or manual controls that ensure critical processes and industrial control system (ICS) network supporting them.
CISA recommends critical infrastructure owners to implement robust network segmentation between IT and OT networks and make sure backup procedures are executed and tested regularly. Lastly, backups should be isolated from network connections.
The fact sheet comes after numerous ransomware attacks on key critical infrastructures in the US and abroad, including the attack on Colonial Pipeline by DarkSide.
In 2019, Trend Micro conducted research analyzing cyberattacks by building and using a factory honeypot, mimicking a factory environment. The study, Fake Company, Real Threats, revealed that over 20 attacks were observed during 240 days- six of which affected factory productivity. This shows how vulnerable smart factories are when it comes to various cyberattacks, such as ransomware.
Ransomware incidents are federal crimes, according to the agency. Enterprises, especially critical infrastructure establishments, must report the attack to law enforcement to help bring the attackers to justice.
Moreover, decision-makers and stakeholders should have a better understanding of cybersecurity and its role in securing their operations and the safety of consumers.
To learn more about how to protect smart factories and their critical operations, read Trend Micro’s expertly crafted best practices and solutions:
Author: Ericka Pingol