This case involved a large mining operation experiencing OT network failures, affecting the control systems which resulted in increasing loss of production, and ultimately a complete site shutdown.
Why was Vernetzen engaged?
Vernetzen was engaged to determine whether or not these ongoing network issues were the result of malicious attack or an internal problem.
Leveraging its unique OT networking, engineering and process control disciplines, Vernetzen was tasked with finding the cause of the OT network failures and resolving the problems to return productivity to normal.
Utilising Vernetzen’s ZenEye tool to conduct a survey and analysis of the OT network, Vernetzen made the following findings:
It became immediately apparent that the root cause of network failures was a malicious attack causing data to constantly be sent between devices on the network, eventually consuming all the available bandwidth.
This DDoS (Distributed Denial of Service) attack was not allowing any operational data to reach its destination.
The malicious attack had gained access due to insufficient security practices and industry standards (NIST) were not met.
Recommendations
Malware and consistent phishing attempts were identified. Therefore, in order to prevent further breaches, Vernetzen conducted onsite in-depth cybersecurity seminars based upon best practices and industry standards (ISO27001 and NIST 800-82r2).
Further recommendations included:
Regular password changes.
Ongoing monitoring for phishing attacks.
Identification of phishing attack to be immediately reported to superior
Use of Vernetzens ZenEye tool to quickly and accurately take inventory of operational assets.
Data to be stored in multiple locations with security based upon ISO27001 standard.
Industrial networks uplifted to comply with NIST 800-82r2 standards.
Conclusions
I.T. has become accustomed to cyber attacks to steal intellectual property or to extort payments through the use of ransomware.
Cyberattacks on OT networks can have a devastating impact on production, with incremental degradation of a process particularly difficult to detect.
OT networks have at their core low-latency deign parameters, which often are at odds with the design objectives of IT networks.
Vernetzen understands these differences and therefore can make practical recommendations on how best to secure OT networks that underpin critical production processes.
Comments