With the “CyFENCE & SIEM Service” solution, this attack would have had no effect on industrial installations.
The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on a new cyber attack that affected control over the OT network of a natural gas compression facility (more info: https://www.us-cert.gov/ncas/alerts/aa20-049a).
The attacker first gained access to the organization’s IT network and from there infiltrated the OT network. The ransomware was then able to reach both networks (IT and OT).
Consequences: the data coming from the OT could no longer be read. The interruption lasted two days, resulting in a loss of productivity.
This attack was possible because of the lack of robust security between the IT and OT areas, which allowed the attacker to impact assets on both networks.
CISA outlines a number of security measures to implement in order to prevent this type of attack, which are included in the features of CyFENCE & SIEM Service, our new solution in partnership with Gfi:
- Implement and ensure robust network segmentation between IT networks and OT networks to limit the ability of adversaries to pivot to the OT network even if the IT network is compromised. Define a Demilitarized Zone (DMZ) that eliminates unregulated communications between IT networks and OT networks: CyFENCE integrates dual network segmentation as well as a DMZ. Partitioning between different OT zones is also managed in CyFENCE.
- Ensure traceability of the DMZ by centralizing and analyzing the event logs of the equipment that makes it up: SIEM Service provides a log collector within the DMZ so that a cyber analyst can detect and prevent abnormal behavior on IT/OT exchanges.
- Define acceptable communication channels between zones and deploy security controls to filter network traffic and monitor communications between zones. Prohibit Industrial Control System (ICS) protocols from traversing the IT network: filtering through the use of two firewalls and a protocol break allows advanced flow management.
- Create and test regular data backup procedures on the IT and OT networks. Ensure that backups are regularly tested and isolated from network connections that could allow the propagation of ransomware: CyFENCE integrates backup management for workstations as well as for PLC programs.
- Update software, including operating systems, applications and firmware on IT network resources: CyFENCE integrates an update management system for PCs as well as for PLCs and network equipment.
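To illustrate what the second and third measures above (centralized DMZ log analysis and explicit cross-zone communication channels) look like in practice, here is an added example that is not part of CyFENCE, SIEM Service, or the CISA alert. It assumes a constructed three-zone layout (IT, DMZ, OT), a small allow-list of permitted channels, and a handful of constructed firewall log lines in a simple key=value format; the zone ranges, port list and log format are all assumptions for the example. It flags any ICS protocol seen on the IT side, any direct IT-to-OT flow that bypasses the DMZ (accepted or merely attempted), and any accepted cross-zone flow that is not on the allow-list.

```python
"""Cross-zone traffic check over constructed DMZ firewall log lines (example only)."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed zone layout for the example, not a real site.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("172.16.100.0/24"),
    "OT": ipaddress.ip_network("192.168.50.0/24"),
}

# Well-known ICS protocol ports: Modbus/TCP, Siemens S7, DNP3, EtherNet/IP.
ICS_PORTS = {502: "modbus", 102: "s7comm", 20000: "dnp3", 44818: "enip"}

# Allowed channels as (src zone, dst zone, dst port). Direct IT<->OT is never listed.
ALLOWED = {
    ("IT", "DMZ", 443),   # IT users reach the DMZ historian / jump host over HTTPS
    ("OT", "DMZ", 443),   # OT pushes process data up to the DMZ historian
    ("DMZ", "OT", 502),   # only the DMZ data collector may speak Modbus into OT
}

# Constructed sample log lines (assumed format: timestamp device ACTION key=value ...).
SAMPLE_LOGS = """
2020-02-20T10:01:02Z fw-dmz ACCEPT src=10.10.5.21 dst=172.16.100.10 proto=tcp dport=443
2020-02-20T10:01:05Z fw-dmz ACCEPT src=192.168.50.7 dst=172.16.100.10 dport=443 proto=tcp
2020-02-20T10:01:09Z fw-ot  ACCEPT src=172.16.100.20 dst=192.168.50.30 proto=tcp dport=502
2020-02-20T10:02:14Z fw-ot  ACCEPT src=10.10.5.21 dst=192.168.50.30 proto=tcp dport=502
2020-02-20T10:02:20Z fw-ot  DROP   src=10.10.5.21 dst=192.168.50.31 proto=tcp dport=3389
2020-02-20T10:03:01Z fw-dmz ACCEPT src=10.10.5.44 dst=172.16.100.10 proto=tcp dport=22
2020-02-20T10:03:40Z fw-dmz ACCEPT src=172.16.100.20 dst=10.10.9.3 proto=tcp dport=502
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<dev>\S+)\s+(?P<action>ACCEPT|DROP)\s+(?P<kv>.*)$")


@dataclass
class Finding:
    line: str
    rule: str
    detail: str


def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    try:
        return {"ts": m["ts"], "action": m["action"], "src": fields["src"],
                "dst": fields["dst"], "dport": int(fields["dport"])}
    except (KeyError, ValueError):
        return None


def check_flow(rec, line):
    """Apply the zone policy to one parsed flow and return the findings it raises."""
    src_z, dst_z, port = zone_of(rec["src"]), zone_of(rec["dst"]), rec["dport"]
    findings = []
    # An ICS protocol touching the IT zone in either direction should never happen.
    if port in ICS_PORTS and "IT" in (src_z, dst_z):
        findings.append(Finding(line, "ics-on-it", f"{ICS_PORTS[port]} between {src_z} and {dst_z}"))
    # A direct IT<->OT flow bypasses the DMZ; a DROP is still worth seeing as an attempt.
    if {src_z, dst_z} == {"IT", "OT"}:
        state = "accepted" if rec["action"] == "ACCEPT" else "blocked attempt"
        findings.append(Finding(line, "dmz-bypass", f"{src_z}->{dst_z}:{port} ({state})"))
    # Any other accepted cross-zone flow must be on the allow-list.
    elif src_z != dst_z and rec["action"] == "ACCEPT" and (src_z, dst_z, port) not in ALLOWED:
        findings.append(Finding(line, "unlisted-channel", f"{src_z}->{dst_z}:{port}"))
    return findings


def analyze(log_text):
    """Run the policy over every parseable line and return all findings."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec:
            findings.extend(check_flow(rec, line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f.rule}] {f.detail}  <-  {f.line}")
```

On the constructed sample, the first three lines pass, the accepted IT-to-OT Modbus flow raises both an `ics-on-it` and a `dmz-bypass` finding, the dropped RDP attempt from IT to OT is still reported as a blocked pivot attempt, SSH from IT into the DMZ is reported as an unlisted channel, and Modbus from the DMZ back into IT is reported twice (ICS on IT and unlisted channel). The point of keeping the allow-list explicit is that the analyst reviews a short list of intended channels rather than guessing which of thousands of accepted flows were actually meant to exist.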
Don’t wait any longer to integrate the “CyFENCE & SIEM Service” solution in order to anticipate, protect and counter computer attacks on your existing or future industrial installations.