Poland’s Energy Sector Incident is a Warning

Last December, hackers compromised the operational technology (OT) networks at several Polish energy sector providers, including renewable energy, heat and power, and even a manufacturing firm.

What is different about this attack is that it successfully targeted the OT networks, the networks that control how energy is produced and transmitted, as opposed to the office or IT networks. IT networks have been under attack for decades, so that is not new.

But OT networks, while everyone has been worried about them being attacked, have escaped MOSTLY unscathed.

But here is where IT and OT merge and where a CISA Binding Operational Directive comes in.

The attackers in the Polish incident got in by compromising a “vulnerable Internet-facing edge device”. In English, that means a firewall or router, probably one that the vendor was no longer issuing patches for.

From there they deployed malware that damaged some of the OT hardware, in this case devices called Remote Terminal Units or RTUs. RTUs relay data and commands between the hardware out in the field or in the factory and the brains, called SCADA controllers, that orchestrate the dance and, hopefully, keep the lights on and the factories running.

In this case, the malware destroyed data and corrupted system firmware. This would stop system operators from knowing what the system is doing and from giving it commands to make changes. In energy, that could mean shutting down or firing up units and changing how power is being routed. If a power network gets unbalanced as a result, it will cause a blackout as a safety measure.

CISA identified a number of recommendations for reducing the attack surface.

Separately, they issued a Binding Operational Directive or BOD that requires all federal civilian executive branch (FCEB) agencies to identify and replace all hardware which is no longer being supported (for example, hardware that no longer has security patches released for it) within the next year. YOU SHOULD DO THIS TOO!

The recommendations apply not only to critical infrastructure and government agencies; many of them apply to you as well. If you have questions, please contact us.

Credit: CISA and The Register
