Date: 2023-06-29

Maurizio Milazzo, TXOne Networks Southern Europe Manager, explains the possible consequences and costs of an attack in the OT world that blocks production, and gives some advice on how to avoid them.

Every operator, plant manager and OT expert knows full well that a production shutdown can never be an option. No company wants to see its IT systems locked down or its data encrypted, and the consequences of an attack in the OT world that disrupts production can be devastating.

Putting safety at risk

The most important and devastating consequence of an OT attack is the compromise of the safety of operators and of citizens living in the vicinity of the plant. Attacks on industrial control systems (ICS) are not always aimed at gaining access to sensitive information or monetizing through ransomware. An increasing number of cyber attacks, including nation-state attacks, focus on exploiting OT resources and machines to modify the functionality of assets.

What could happen

Therefore, there can be no Safety without Cybersecurity. Take, for example, the attack on the electricity grid in Ukraine. BlackEnergy attempted to perform malicious operations remotely on safety switches, using remote management tools or Virtual Private Network (VPN) connections. The power interruptions caused by the attack hit Ukrainian utilities, affecting many customers. While no casualties were reported, the situation may have caused health problems for people who depend on electromedical equipment for treatment.

Loss of turnover

When the factory or plant shuts down, the organization loses a huge amount of money every minute. Plant downtime caused by a ransomware attack averages 21 days and varies depending on how well the company has prepared its emergency restoration. The question to ask in this case is: can we afford a 21-day shutdown?

The costs of ransomware

When ransomware strikes, the organization is forced to rely on backup information and configurations and/or pay the ransom to recover the data and restart production.

In this case you need to keep in mind what kind of knowledge base and backup data your OT environment has.

This could be tricky because many systems have often been running for over 10 years and there is little knowledge of recovery procedures in the event of ransomware. Furthermore, even if an organization pays the ransom, it rarely recovers 100% of the data.

Purchase new OT equipment

Do you know how much PLCs, HMIs, SCADA systems and other industrial assets cost? These unique and highly specialized devices can cost hundreds of millions of euros. Imagine having to replace multiple infected machines in order to resume production: it would be extremely expensive.

Increased labor cost

In the event of a successful attack, the company would no longer earn any money and would have to pay additional labor costs to remedy the situation and install new protections. Many companies also hire consultants to handle the incident response. An attack can spread in seconds, but it takes a long time to detect, respond to and recover from.

Reputation damage

As news of the attack spreads, an organization’s public reputation gets worse. Some companies may lose the customer trust that they built over a long time and that will now take many years to recover. Most companies affected by an attack also lose ground on the stock market. This is another blow to an open wound at a difficult and costly time, even though a company’s reputation and economic losses can be recouped over time.

Take proactive steps

When evaluating your cyber defenses, the advice is to adopt solutions designed for OT environments: solutions that understand the specific protocols and the desired output of the machines they will protect, in order to prevent any tampering, malicious reconfiguration and misuse. Beware of simply introducing IT security solutions into an OT environment.

While important for IT infrastructure, these solutions do not address the security requirements of OT environments. The ideal is to have a reference strategy such as OT Zero Trust, supported by market-leading technologies for the protection of industrial endpoints and the defense of industrial infrastructure, which can guarantee production continuity and the provision of essential services.

