What do an oil pipeline, a water treatment plant, and a railway system have in common? They each rely on operational technology (OT) environments, and they were all victims of cyber attacks that generated headlines around the world.

The Colonial Pipeline, Oldsmar water treatment plant, and Iranian Railways incidents are etched into our memories because of their real-world impact, but the headlines only tell part of the story. In each instance, there are key OT security lessons to be learned, so that other organizations can avoid repeating history.

Colonial Pipeline: A lesson in network segmentation

The Colonial Pipeline ransomware attack was one of the most significant attacks in 2021 because it caused a gasoline shortage crisis. Although Darkside took control of Colonial Pipeline's IT systems, network segmentation limited the impact of the attack on Colonial Pipeline's operations. Once Colonial Pipeline knew its IT operations were affected, it chose to proactively take its OT systems offline to prevent the attack from spreading.

When Colonial Pipeline CEO Joseph Blount testified before the US Congress, it was revealed that the attack was completely avoidable. Blount admitted that the hackers, the Darkside ransomware group, gained access through a VPN that did not require multifactor authentication.

As IT and OT networks continue to converge, organizations need to understand how these networks are connected and take the appropriate steps to protect high-risk assets.

The water treatment plant in Oldsmar, Florida: A lesson in visibility

In February, water treatment plant employees noticed that sodium hydroxide levels were rapidly rising on their computer screens. Someone remotely accessed the system, but employees thwarted the hacker from moving laterally into other IT infrastructure.

With a better understanding of how IT and OT networks are connected and are communicating, security teams can respond to threats more quickly. For example, the communication of programmable logic controllers (PLCs) can be analyzed at the packet level to detect anomalies or signatures of known attacks. When an incident is detected on the IT network, compromised devices should be quarantined and all communication between IT and OT should be blocked.

This sort of approach requires network monitoring and enforcement tools to identify current network communications, to detect threats and violations, and to enforce segmentation rules. For example, there is no reason why field devices should be able to communicate with IP security cameras. Detected threats can be forwarded to SIEM/SOAR systems for investigation or to trigger automated response actions.
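As an added illustration of the segmentation rules, IT/OT isolation step and SIEM/SOAR forwarding described in the visibility section (this is example code, not code from the original article or from any of the organizations it names; the asset inventory, addresses, zones, policy entries and flow records are all constructed):

```python
# Added example: check IT/OT flow records against segmentation rules and emit SIEM-ready
# events. Every asset, address, flow and policy entry here is constructed for illustration.
import json
from collections import namedtuple
Flow = namedtuple("Flow", "src dst proto dport")
# Constructed asset inventory: ip -> (hostname, zone, role)
ASSETS = {
    "10.10.1.5":  ("eng-ws-01",   "OT", "engineering_station"),
    "10.10.2.10": ("plc-01",      "OT", "plc"),
    "10.10.2.11": ("rtu-03",      "OT", "field_device"),
    "10.20.0.7":  ("cam-lobby",   "IT", "ip_camera"),
    "10.30.0.4":  ("hr-laptop-9", "IT", "workstation"),
    "10.30.0.20": ("it-jump-01",  "IT", "jump_host"),
}
# Allow-list of (source role, destination role, protocol, port); anything else is a violation.
POLICY = {
    ("engineering_station", "plc", "tcp", 502),         # Modbus/TCP from engineering
    ("jump_host", "engineering_station", "tcp", 3389),  # the only sanctioned IT->OT path
}
def _event(f, reason, severity, src, dst):
    label = lambda a, ip: f"{a[0] if a else 'unknown'}({ip})"
    return {"reason": reason, "severity": severity, "service": f"{f.proto}/{f.dport}",
            "src": label(src, f.src), "dst": label(dst, f.dst)}

def evaluate(flows, it_incident=False):
    """One event per flow that must be blocked or investigated. it_incident=True models
    the response step: every IT<->OT flow is cut, even ones the policy normally allows."""
    events = []
    for f in flows:
        src, dst = ASSETS.get(f.src), ASSETS.get(f.dst)
        if src is None or dst is None:  # unknown device: never implicitly trusted
            events.append(_event(f, "unknown_asset", "high", src, dst))
            continue
        cross_zone = src[1] != dst[1]
        if (src[2], dst[2], f.proto, f.dport) in POLICY:
            if it_incident and cross_zone:
                events.append(_event(f, "it_ot_isolation", "high", src, dst))
            continue
        events.append(_event(f, "segmentation_violation", "high" if cross_zone else "medium", src, dst))
    return events

def to_siem(events):
    """Serialize as JSON lines, a shape SIEM/SOAR collectors commonly ingest."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

SAMPLE_FLOWS = [  # constructed flow records, e.g. exported from a network monitor
    Flow("10.10.1.5", "10.10.2.10", "tcp", 502),   # engineering -> PLC: allowed
    Flow("10.10.2.11", "10.20.0.7", "tcp", 554),   # field device -> IP camera: violation
    Flow("10.30.0.4", "10.10.2.10", "tcp", 502),   # HR laptop -> PLC: violation
    Flow("10.30.0.20", "10.10.1.5", "tcp", 3389),  # jump host -> engineering: allowed until incident
]
```

Running `evaluate(SAMPLE_FLOWS)` yields the two violations; `evaluate(SAMPLE_FLOWS, it_incident=True)` adds a third event for the normally permitted jump-host path, which is what "block all communication between IT and OT" means in practice.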