Cybersecurity and Industrial IT Sabotage
This case involves a large mining operation experiencing increasing OT network failures, particularly affecting the control systems, which resulted in growing production losses and ultimately a complete site shutdown.
Vernetzen was engaged to determine whether these ongoing network issues were the result of a malicious attack or an internal problem, and to find the appropriate solution irrespective of the cause of the operational disruption.
Utilising Vernetzen's ZenEye tool to survey and analyse the OT network, Vernetzen made the following findings:
It became immediately apparent that the root cause of the network failures was a malicious attack causing data to be sent constantly between devices on the network, eventually consuming all the available bandwidth.
The DDoS (Distributed Denial of Service) attack prevented any operational data from reaching its destination.
The attack had gained access because of insufficient security practices; industry standards (NIST) were not met.
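As an added illustration of the symptom described above (example code written for this page, not Vernetzen's ZenEye or anything from the case), the following Python computes per-second link utilisation from constructed flow records, flags windows where flood traffic exceeds a configurable share of an assumed 100 Mbit/s OT segment, shows how the Modbus/TCP share of traffic collapses, and ranks the host pairs responsible. The flow records, addresses, ports and link capacity are all assumptions.

```python
"""Flow-based detection of OT link saturation (constructed sample data)."""
from collections import defaultdict

# Constructed flow records: (timestamp_s, src, dst, dst_port, bytes).
# Modbus/TCP (port 502) polling is the operational traffic; the two
# 10.0.20.x hosts flood each other and crowd it out. Not real site data.
SAMPLE_FLOWS = [
    (0, "10.0.10.5", "10.0.10.1", 502, 12_000),      # normal polling
    (0, "10.0.10.6", "10.0.10.1", 502, 11_500),
    (1, "10.0.10.5", "10.0.10.1", 502, 12_000),
    (1, "10.0.20.7", "10.0.20.8", 8080, 5_500_000),  # flood begins
    (1, "10.0.20.8", "10.0.20.7", 8080, 5_000_000),
    (2, "10.0.20.7", "10.0.20.8", 8080, 6_200_000),
    (2, "10.0.20.8", "10.0.20.7", 8080, 6_000_000),
    (2, "10.0.10.5", "10.0.10.1", 502, 600),         # polls starved
]

LINK_CAPACITY_BPS = 100_000_000  # assumed 100 Mbit/s OT segment
CONTROL_PORTS = {502}            # Modbus/TCP (assumed control protocol)

def per_window_stats(flows, window_s=1):
    """Bytes per time window, split into control-protocol and other traffic."""
    stats = defaultdict(lambda: {"control": 0, "other": 0})
    for ts, _src, _dst, port, nbytes in flows:
        key = "control" if port in CONTROL_PORTS else "other"
        stats[ts // window_s][key] += nbytes
    return dict(stats)

def saturated_windows(flows, capacity_bps=LINK_CAPACITY_BPS, window_s=1, threshold=0.8):
    """Windows whose offered load exceeds `threshold` of link capacity.
    Returns (window, utilisation, control_share) tuples; a near-zero
    control_share means operational traffic is being starved."""
    out = []
    for w, s in sorted(per_window_stats(flows, window_s).items()):
        total = s["control"] + s["other"]
        util = total * 8 / (capacity_bps * window_s)
        if util >= threshold:
            out.append((w, round(util, 2), round(s["control"] / total, 4)))
    return out

def top_talkers(flows, n=2):
    """Host pairs ranked by bytes exchanged, to localise the flood source."""
    pairs = defaultdict(int)
    for _ts, src, dst, _port, nbytes in flows:
        pairs[tuple(sorted((src, dst)))] += nbytes
    return sorted(pairs.items(), key=lambda kv: -kv[1])[:n]

if __name__ == "__main__":
    print("saturated windows:", saturated_windows(SAMPLE_FLOWS))
    print("top talkers:", top_talkers(SAMPLE_FLOWS))
```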
Once both the malware and the persistent phishing attempts had been identified, Vernetzen:
Conducted onsite in-depth cybersecurity seminars based on best practices and industry standards (ISO 27001 and NIST 800-82r2).
Uplifted the industrial networks to comply with NIST 800-82r2.
Established ongoing monitoring for phishing attacks, to be reported immediately to a superior.
Used the ZenEye tool to quickly and accurately inventory operational assets.
Arranged for data to be stored in multiple locations, secured in line with the ISO 27001 standard.
Traditionally, OT networks have been kept separate from IT networks and the internet. With IT/OT convergence, it is important to understand their interdependencies. As OT networks become widely connected to external sources, they become more exposed to malicious attack. When connecting IT and OT networks, it is important to secure OT endpoints, as these can offer easy access to an otherwise secure IT network.