Word Notes 10.19.21
Ep 72 | 10.19.21

OT security (noun)

Transcript

Rick Howard: The word is: OT security. 


Rick Howard: Spelled: O for operational, T for technology, and security as in protection. 


Rick Howard: Definition: Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.  


Rick Howard: Example sentence: IT and OT cybersecurity differ in fundamental ways. Not only because IT and OT systems often require different security controls, but also because IT and OT security practitioners have different goals for securing their assets and different definitions for what secure means.  


Rick Howard: Origin and context: One of the world's first OT attacks occurred in 1903 when Guglielmo Marconi, yes, that Marconi, that famous Italian engineer who invented the first practical wireless telegraph, attempted to securely send a message from his cliff top radio station in Cornwall, UK to London, some 300 miles away.


Rick Howard: Neville Maskelyne, working for a Marconi competitor, the Eastern Telegraph Company, executed maybe the first ever man-in-the-middle attack, intercepting the traffic and sending Morse code to the distant end mocking Marconi. And you thought our modern day internet had trolls.  


Rick Howard: Operational technology consists of a superset of nontraditional electronics and software. In other words, these are systems not designed for the standard office worker and can control government, commercial, and home processes like water, power, air conditioning, and heating. Within the OT superset are industrial control systems, or ICS. These are systems that control essential industrial processes like mine site conveyor belts, oil refinery cracking towers, and electrical grid power consumption. The key phrase there is: processes that are mission critical and have a high availability requirement.


Rick Howard: According to Graham Williamson from KuppingerCole Analysts, "Most ICSs fall into either a continuous process control system, typically managed via programmable logic controllers, or PLCs, or discrete process control systems, or DPCs. These might use a PLC or some other batch process control device. Industrial control systems are often managed via a Supervisory Control and Data Acquisition system, or SCADA system. These provide a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or to enter system adjustments to manage the process under control."


Rick Howard: In March 2000, Vitek Boden launched an Industrial Control System attack on Queensland, Australia, that resulted in the leaking of millions of gallons of untreated sewage into the surrounding waterways and parks. In a rare Jason Bourne-like car chase right out of the movies, the police captured Vitek with his laptop, SCADA equipment, and the radio transmitter he used to carry out the attacks.


Rick Howard: In 2006, researchers at the Gartner Energy and Utilities IT Summit presented the term operational technology as applied to industrial control systems. Over the next decade, the alignment and integration of IT and OT systems picked up traction in the industrial space.  


Rick Howard: In late 2015, a group of Russian hackers called Sandworm attacked Ukraine's power grid causing the first ever blackout triggered by a cyber attack. According to the US Department of Energy, "Threat actors on multiple fronts continue to exploit cyber vulnerabilities in the US electrical grid. Nation states like Russia, China, and Iran, and non-state actors, including foreign terrorist and hacktivist groups, pose varying threats to the power grid." 


Rick Howard: Nerd reference: In the Cybersecurity Canon Hall of Fame book, "Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers," by WIRED columnist Andy Greenberg, Andy describes the Russian GRU's use of Ukraine as a training lab for using cyber attacks to cripple and destroy an enemy's critical infrastructure.


Andy Greenberg: Sandworm is a group of Russian hackers that, since late 2015 or so, has carried out what I think is the first full-blown cyber war.


Andy Greenberg: Starting in Ukraine, they attacked pretty much every part of Ukrainian society with these data destructive attacks that hit media and the private sector and government agencies and ultimately, the electric utilities causing the first ever blackouts triggered by cyber attacks. 


Andy Greenberg: Sandworm hit Ukraine's power grid, not once, but twice: in late 2015, and then again in late 2016. And then finally, this Ukrainian cyber war that Sandworm was waging essentially exploded out to the rest of the world in the middle of 2017 with this cyber attack called NotPetya: a worm, a self-propagating piece of fake ransomware, that was actually just a destructive attack that spread from Ukraine to the rest of the world and took down a whole bunch of multinational companies, medical record systems, and hospitals across the United States, and ultimately cost $10 billion in global damages, the worst cyber attack in history by a good measure.


Rick Howard: Word Notes is written by Nyla Gennaoui, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.