Ransomware attack hits American energy plant

The American Cybersecurity and Infrastructure Security Agency (CISA) has announced that an American critical infrastructure operation has been affected by a ransomware attack. The attack was caused by a spearphishing technique that targeted workers of a natural gas compression facility. The ransomware encrypted the plant’s IT and OT networks, causing a partial loss of view for human operators. While the attack only infected Windows devices, the impact on human-machine interfaces was significant.





In light of this, several cybersecurity professionals have imparted some insight into the case, highlighting the lessons that enterprises should learn from this event:


Richard Bejtlich, principal security strategist at Corelight


“This incident highlights the need for operators of critical infrastructure to instrument their networks in at least three important locations:


1) at the gateway connecting the Internet and their information technology (IT); 


2) at the gateway connecting the Internet and their operational technology (OT); and


3) at the gateway connecting the IT and OT networks.”

Nigel Stanley, CTO at TUV Rheinland


“IT and OT networks are frequently interlinked as business systems need to have a view on control systems. Unfortunately, with poor network segmentation, firewalling and protection of internet work conduits, pivoting of malware such as this will be seen more and more often. Of note is the need to ensure that cyberattacks on OT systems have a decent and well-rehearsed incident response plan, coupled with a similarly implemented business recovery plan. The CISA has been helpful in highlighting this incident.”

Stuart Sharp, VP of Solution Engineering