Last week Rendition Infosec founder Jake Williams contributed an article for next month’s issue of Power Grid International magazine. The article highlights the need for utilities to monitor their IT networks in order to protect their OT networks from compromise. Today’s release of the excellent CRASHOVERRIDE report by Dragos Inc only reinforces the points Williams made in his article.
While a simple Shodan search will show many ICS devices directly connected to the Internet, these organizations obviously aren’t following best practices in the first place. Monitoring would certainly help these organizations to detect threats as well, but they honestly have bigger problems that start with segmenting their networks.
For those utilities that have already segmented IT from OT (operational technology), monitoring the IT network is absolutely critical. Most attackers enter the OT network from the IT side of the network through phishing emails or other commodity exploits. They then noisily stumble through the network looking for the bridge between IT and OT. Even if the networks are completely airgapped (few truly are in our experience), attackers will eventually find a way to get malware to the OT side. But along the way, attackers usually make a ridiculous amount of noise trying to find the places where the IT and OT networks are joined.
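As an added illustration of the "noise" described above (example code written for this post, not from the article or from Rendition Infosec), the script below scans constructed firewall flow records for two things a monitored IT network can catch early: any IT host touching the OT segment at all, and an IT host fanning out to many distinct internal destinations, which is what hunting for the IT/OT bridge looks like in logs. The address ranges, the threshold and the flow records are all assumptions made up for the example.

```python
import ipaddress
from collections import defaultdict

IT_NET = ipaddress.ip_network("10.10.0.0/16")   # assumed corporate IT range
OT_NET = ipaddress.ip_network("10.200.0.0/16")  # assumed OT / control range
FANOUT_THRESHOLD = 5  # distinct internal destinations from one source before alerting

# Constructed flow records (timestamp, src, dst, dst_port, action); not real data.
SAMPLE_FLOWS = [
    ("2017-06-12T09:00:01", "10.10.5.23", "10.10.5.40", 445, "allow"),
    ("2017-06-12T09:00:02", "10.10.5.23", "10.10.5.41", 445, "allow"),
    ("2017-06-12T09:00:03", "10.10.5.23", "10.10.5.42", 445, "allow"),
    ("2017-06-12T09:00:04", "10.10.5.23", "10.10.5.43", 3389, "allow"),
    ("2017-06-12T09:00:05", "10.10.5.23", "10.10.5.44", 3389, "deny"),
    ("2017-06-12T09:00:09", "10.10.5.23", "10.200.1.10", 502, "deny"),  # Modbus into OT
    ("2017-06-12T09:01:00", "10.10.7.9", "10.10.1.5", 443, "allow"),     # normal traffic
]


def analyze(flows):
    """Return alerts for IT-to-OT attempts and for IT hosts fanning out internally.

    Each alert is a dict with a 'type' of 'it_to_ot' or 'fanout'. Denied flows are
    still counted: a blocked probe is evidence of bridge hunting, not an all-clear.
    """
    fanout = defaultdict(set)
    alerts = []
    for ts, src, dst, port, action in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in IT_NET and d in OT_NET:
            alerts.append({"type": "it_to_ot", "ts": ts, "src": src, "dst": dst,
                           "port": port, "action": action})
        if s in IT_NET and (d in IT_NET or d in OT_NET):
            fanout[src].add(dst)  # count distinct internal targets per IT source
    for src, dsts in fanout.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            alerts.append({"type": "fanout", "src": src, "count": len(dsts)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

In practice the thresholds would be tuned per environment, and the fan-out rule should be scoped to a time window rather than the whole log.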
Read the full story here.