We need to talk about operational technology

Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks


Cyber attacks can feel a layer detached from the real world. Yes, businesses frequently see IP stolen, get frozen out of systems, or have data wiped by malicious actors. But if you aren't paying close attention, cyber attacks can also fail to register in your day-to-day.

But there are instances where cyber attacks come crashing into the lives of everyday people and become impossible to ignore: when attackers go after critical infrastructure and operational technology (OT).

Breaches and malware attacks at power and water plants, against core supply chain organizations, or against transport networks can all cause catastrophic damage and enormous financial losses, and can even lead to deaths. Which groups are leading the charge against critical infrastructure, how are they targeting operational technology, and what can we do to protect the infrastructure we hold most dear?

In this episode, Rory speaks with Magpie Graham, technical director of intel and services at Dragos, to discuss attacks on operational technology, critical infrastructure, and the future of large-scale cyber attacks.

Highlights

"We're used to hearing about attacks against a server, maybe it's a mail server, could be a firewall, something in the periphery that is exposed to the internet. But unfortunately, the cyber hygiene around a lot of OT systems is so poor that there is actually exposure to the direct internet with a service that would actually allow manipulation of those processes within an OT environment, often not even requiring any form of authentication, never mind the requirement to exploit that software that's running."

"When you're looking at endpoints of a network where four or five different groups are egressing from, it's not always easy to categorize which group is it that's interested in which target, or at what point in their larger operational plan they are. Is this reconnaissance we're seeing? Are they scanning external infrastructure to look for vulnerabilities, or is this actually part of a dedicated, focused intrusion at a specific organization?"

"So something we try to do whenever a bulletin comes in from a vendor is to actually say, if you can't patch, you can take these additional steps. And it could be as simple as blocking a port, it could be that you re-architect part of the network, you don't have to necessarily have brilliantly segregated, distinct networks for all of your OT and your different processes that are firewalled off from each other. I mean, ideally you should, but if you can't maybe that piece of equipment should be behind an additional firewall."
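The two points above, direct-internet exposure of unauthenticated OT services and "block the port" as a compensating control when patching is not an option, can be checked from ordinary perimeter firewall logs. The following is an added example written for this page, not code from Dragos or from the podcast: it parses a handful of constructed key=value firewall log lines, flags inbound, permitted connections from outside the plant's address space to well-known ICS protocol ports, and emits an illustrative nftables rule for each exposed service. The port list, the log format, the internal address ranges and the nftables table name `ot_filter` are all assumptions for the example; adapt them to your own environment before using anything it prints.

```python
import ipaddress
import re

# Assumed selection of common OT/ICS protocol ports (not an exhaustive list).
OT_PORTS = {
    102: "Siemens S7 (ISO-TSAP)",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP (CIP)",
    47808: "BACnet/IP",
}

# Assumed plant-internal address space. Python's ip_address.is_private is deliberately
# not used here: it also treats the RFC 5737 documentation ranges in the sample as
# private, which would hide exactly the external sources we want to catch.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log lines (not real traffic); key=value fields after a timestamp.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=allow dir=in src=203.0.113.45 dst=10.20.30.5 proto=tcp dport=502
2024-05-01T10:00:05Z action=allow dir=in src=10.20.30.7 dst=10.20.30.5 proto=tcp dport=502
2024-05-01T10:00:09Z action=allow dir=in src=198.51.100.9 dst=10.20.30.9 proto=tcp dport=20000
2024-05-01T10:00:12Z action=deny dir=in src=198.51.100.9 dst=10.20.30.9 proto=tcp dport=44818
2024-05-01T10:00:15Z action=allow dir=in src=192.0.2.77 dst=10.20.30.5 proto=tcp dport=443
2024-05-01T10:00:20Z action=allow dir=out src=10.20.30.5 dst=203.0.113.45 proto=tcp dport=502
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one 'ts k=v k=v ...' log line into a dict; the timestamp is kept under 'ts'."""
    fields = dict(FIELD_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def is_internal(addr, internal_nets=INTERNAL_NETS):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in internal_nets)


def find_exposed_ot_services(log_text, internal_nets=INTERNAL_NETS):
    """Return [(dst, port, protocol_name, [external sources])] for OT ports that the
    firewall has *allowed* inbound from addresses outside the plant's ranges."""
    exposures = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        f = parse_line(raw)
        # Only permitted, inbound flows count; denied or outbound traffic is not exposure.
        if f.get("action") != "allow" or f.get("dir") != "in":
            continue
        port = int(f["dport"])
        if port not in OT_PORTS:
            continue
        if is_internal(f["src"], internal_nets):
            continue  # plant-to-plant traffic is expected
        exposures.setdefault((f["dst"], port), set()).add(f["src"])
    return [
        (dst, port, OT_PORTS[port], sorted(srcs))
        for (dst, port), srcs in sorted(exposures.items())
    ]


def compensating_rules(exposures, allowed_nets=INTERNAL_NETS):
    """Render one illustrative nftables drop rule per exposed service: anything not from
    the allowed ranges is dropped before it reaches the OT host. Review before applying."""
    allowed = ", ".join(str(n) for n in allowed_nets)
    return [
        f"nft add rule inet ot_filter input ip daddr {dst} tcp dport {port} "
        f'ip saddr != {{ {allowed} }} counter drop comment "{name}: non-plant source"'
        for dst, port, name, _sources in exposures
    ]


if __name__ == "__main__":
    found = find_exposed_ot_services(SAMPLE_LOG)
    for dst, port, name, sources in found:
        print(f"EXPOSED {name} on {dst}:{port} reached from {', '.join(sources)}")
    for rule in compensating_rules(found):
        print(rule)
```

On the sample data only two flows qualify: the Modbus/TCP session to 10.20.30.5 and the DNP3 session to 10.20.30.9, both from non-plant addresses. The denied EtherNet/IP attempt, the HTTPS connection and the outbound Modbus flow are correctly ignored, and the Modbus connection from 10.20.30.7 is treated as ordinary plant traffic. Running this over a day of real perimeter logs is a cheap way to find the "direct internet" exposure described above without touching the controllers themselves; the generated rules are a starting point for the "block the port" mitigation, not something to paste into production unreviewed.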

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.