The most frequent category of cyber attack that causes an outage in OT and Operations is ransomware infecting systems on the IT network, also called the corporate or enterprise network. Stated another way, most cyber incidents that cause an outage in Operations never reach the OT network or OT systems. The 2024 ICS STRIVE / Waterfall Security Solutions Threat Report stated that only 24% of publicly reported cyber attacks with physical impacts in Operations compromised OT systems or devices.
Why?
Operations often relies on systems on IT.
In the Colonial Pipeline incident, operations couldn’t continue without a scheduling server on IT. In the Clorox incident, operations couldn’t continue without IT-based systems sending in orders and shipping information. Food and beverage companies rely on recipe systems that are typically on IT. And so on.
Your task this week is to discover what systems on IT, if any, are required for Operations. Assume all of IT is unavailable. What information or services would no longer be available to OT and Operations? Then dig deeper and identify which systems on IT provide that information or service.
If you’ve suffered ransomware on IT, this week’s task should be easy. If you haven’t yet experienced ransomware, think back to other outages on IT. What caused a problem in Operations?
Your firewall ruleset at the IT / OT security perimeter can help you understand information flows and identify potentially key IT systems. Keep in mind that the ruleset shows what is permitted to cross the perimeter, not what is actually used or how important it is; that is what the interviews are for. Interview people in Operations and people who rely on information flowing from IT to OT and from OT to IT.
For each information set or service you identify, find out how long Operations could continue producing your product or service at an acceptable level without it. For example, you may be able to go many months without receiving security patches from IT, but you probably couldn’t manufacture food & beverage products without access to the recipe server on IT.
Don’t consider alternate ways of providing the IT information or service, such as paper backup, manual systems, or phone calls. This will be addressed in Weeks 20 – 22.
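As an added example of the firewall-ruleset approach described above (not code from the original post), the following Python script takes a constructed CSV export of an IT / OT perimeter ruleset, keeps only the allow rules that actually cross the perimeter, groups them by the IT-side host, and emits a first draft of the table below. The CSV column layout, host names, addresses and rule descriptions are all assumptions made for this example. The Max Outage Time column is left blank on purpose: the firewall can tell you which IT hosts OT talks to, but only the Operations interviews can tell you how long you could run without each one.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an IT/OT perimeter firewall ruleset exported as CSV.
# The column layout and every host name, address and description below are
# assumptions for this example, not data from a real ruleset or the article.
RULESET_CSV = """action,src_zone,src,dst_zone,dst,proto,port,description
allow,OT,10.20.0.0/16,IT,wsus01.corp.example,tcp,8530,OT hosts pull Windows patches from IT WSUS
allow,IT,mes01.corp.example,OT,10.20.5.10,tcp,1433,MES writes production orders to plant SQL server
allow,OT,10.20.5.0/24,IT,recipe01.corp.example,tcp,443,Batch servers fetch recipes from IT recipe server
allow,OT,10.20.0.0/16,IT,dc01.corp.example,tcp,389,Plant Windows hosts authenticate against IT domain controller
allow,OT,10.20.0.0/16,IT,dc01.corp.example,udp,53,Plant DNS forwards to IT domain controller
allow,OT,10.20.6.20,IT,hist-mirror.corp.example,tcp,5450,Plant historian replicates to IT historian mirror
allow,IT,10.10.0.0/16,IT,fileshare.corp.example,tcp,445,IT-only rule; never crosses the perimeter
deny,IT,any,OT,any,any,any,Default deny from IT to OT
deny,OT,any,IT,any,any,any,Default deny from OT to IT
"""


def parse_rules(text):
    """Parse the CSV export into a list of rule dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def crossing_allow_rules(rules):
    """Allow rules whose two ends sit on different sides of the IT/OT perimeter."""
    return [
        r for r in rules
        if r["action"].lower() == "allow" and {r["src_zone"], r["dst_zone"]} == {"IT", "OT"}
    ]


def it_dependency_candidates(rules):
    """Group crossing allow rules by the IT-side host.

    src/dst records who initiates the connection, not which way the
    operationally important information moves: OT pulling patches (OT -> IT)
    and the MES pushing orders (IT -> OT) both make the IT host a candidate
    dependency, so both directions are collected here.
    """
    candidates = defaultdict(lambda: {"initiated_by": set(), "services": set(), "purposes": []})
    for r in crossing_allow_rules(rules):
        it_host = r["src"] if r["src_zone"] == "IT" else r["dst"]
        entry = candidates[it_host]
        entry["initiated_by"].add(r["src_zone"])
        entry["services"].add(f'{r["proto"]}/{r["port"]}')
        entry["purposes"].append(r["description"])
    return dict(candidates)


def dependency_table(rules):
    """Draft rows for the table: Key System In IT | Purpose | Max Outage Time.

    Max Outage Time is deliberately empty. The ruleset cannot distinguish a
    patch feed you can live without for months from a recipe server you
    cannot run without; that number comes from the Operations interviews.
    """
    rows = []
    for host, info in sorted(it_dependency_candidates(rules).items()):
        rows.append({
            "key_system_in_it": host,
            "purpose": "; ".join(info["purposes"]),
            "initiated_by": ",".join(sorted(info["initiated_by"])),
            "services": ",".join(sorted(info["services"])),
            "max_outage_time": "",  # fill in from interviews, not from the firewall
        })
    return rows


if __name__ == "__main__":
    for row in dependency_table(parse_rules(RULESET_CSV)):
        print(f'{row["key_system_in_it"]:26} | {row["purpose"]}')
        print(f'{"":26} | initiated by {row["initiated_by"]} on {row["services"]}; '
              f'max outage: {row["max_outage_time"] or "TBD"}')
```

The IT-only file share rule and the two default-deny rules drop out, leaving five candidate IT systems. Note that dc01 shows up twice in the ruleset (LDAP and DNS) but once in the table; collapsing by host rather than by rule is what you want, since the interview question is "how long can the plant run without the domain controller", not "how long without port 53".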
| Key System In IT | Purpose | Max Outage Time |
|---|---|---|
|  |  |  |