Rise of disruptionware

Industry 4.0 / IOT

“Disrupting” traditional business models might be hot talk for start-ups pitching investors, but in the world of manufacturing, transportation, energy and similar sectors, real “disruption” of production and facilities due to cyberattacks can have devastating safety and financial consequences. 

The old concepts of malware wreaking havoc in a system for monetary gain are still present, but a new breed of attacks that we call “disruptionware” is wreaking havoc in networked industrial control system (ICS) and operational technologies (OT) environments. These attacks are becoming increasingly consequential for the operator community because of the immediate disruption to operations and the potential safety impact to employees. 

A joint report with Forescout and the Institute for Critical Infrastructure Technology (ICIT), a cybersecurity think tank in Washington, D.C. digs into this concerning trend. The report titled “The Rise of Disruptionware: A Study on How Disruptionware Like LockerGoga Significantly Impacts Critical Infrastructure” examines the attack patterns targeting critical industry sectors like manufacturing, including ransomware, disk-wiping malware and similarly disruptive malicious code.

Here are some of the key highlights:

 

Modernising the shop floor but forgetting cybersecurity 

The attack surface was narrower when you had to scale walls or cut fences to get at a manufacturer’s network. But operators today are making massive investments in newer, more productive and efficient equipment that relies on connectivity to receive orders, self-diagnose issues and scale to demand. Those updated systems, which are often connected to the Internet and traditional IT networks, have changed the risk equation for cybersecurity because they can potentially be hacked from afar. 

In the typical IT security world, a ransomed file or infected laptop can be quickly restored thanks  to strong backup and recovery postures. But manufacturing assembly lines or water pumps damaged by malware or the ripple effects of a cyberattack don’t have that luxury. You cannot simply restore those physical goods with a cloud back-up. And, without that backup, a cyberattack can mean immediate interruption of services, regulatory issues and financial hits.

 

“Duptionware” is more than just a nuisance 

Disruptionware is about more than just preventing access to systems and data. It is about suspending operations, disrupting continuity, and crippling a business’s ability to engage in operations, gather resources, and disseminate deliverables. 

In the past year, relatively low sophistication ransomware like LockerGoga has plagued a variety of industries. One manufacturing company that became infected with LockerGoga estimated the impact to its business to be north of $40 million just after one week of downtime. 

Forescout expects the wave of “disruptionware” to continue to impact critical infrastructure with malicious actors having a variety of goals, which can include receiving a ransom, exfiltrating data to sell, leaving a backdoor to allow further attacks, or even suspending operations just long enough to allow another company to obtain a high profile contract.

 

Recommendations to improve resiliency

Utilities, shipping companies and factories look and operate very differently, but our report with ICIT argues that these sectors all have more in common than you might think. When it comes to approaches for mitigating disruptionware’s risks – the basics matter the most. 

Operators need to understand the degree to which physical equipment, control systems, office IT and other assets touch each other and ultimately, the Internet using visibility and control solutions. Otherwise they risk having security blind spots. They also need to make sure these rapidly-changing network connections are properly segmented and watch for changing patterns in network behaviour that could indicate someone off-premise might be introducing a shared connection to exploit for intrusion. Other risk factors include wider use of vulnerable third-party partners and services in critical sectors and “network drift,” which is when unmonitored devices creep onto the network.

In the world of pipelines, factories and power plants, digital hazards consist of much more than just malicious intruders – any type of outage or disruption, even if due to false-positives or errors, still causes harm. But there is common ground that can be found under security and modernisation as these disruption-sensitive industries push toward new software and connectivity technologies.   

Publishing Information
Page Number:
24
Related Articles
Affordable sensors plus bearings and GenAI support predictive maintenance
According to PwC, 70 percent of CEOs worldwide believe Generative AI (GenAI) will significantly transform the way their companies create, deliver and capture value. That includes manufacturers, who...
Responding swiftly to natural disasters
Remote telemetry systems are more essential than ever for protecting critical infrastructure.
Remote telemetry systems are more essential than ever for protecting critical infrastructure
Natural disasters are on the rise. According to figures by the United Nations and World Meteorological Organisation, the last 50 years have seen a five-fold increase in environmental catastrophes....