What industrial-control-system vulnerabilities can teach us about protecting the supply chain
Over the past year, we saw many unpredictable challenges. To stay connected and keep things moving while adhering to social distancing restrictions, many organizations had to expedite their digital transformation initiatives. The industrial and critical infrastructure sectors are particularly vulnerable due to the older nature of the devices used in industrial control systems (ICS). Their increased attack surface leaves these organizations particularly susceptible to cyberattacks, specifically in the supply chain.
SolarWinds and the Supply Chain
Awareness of supply chain attacks has been steadily growing over the past decade as major security incidents became known. These include the 2013 Target security breach, in which the credentials for a heating and air conditioning vendor were stolen and used to access the retail giant’s network, and the 2017 NotPetya attack, in which several multinational corporations’ software updates were affected by ransomware, shutting down company technology and crippling business. The recent SolarWinds Orion software attack brought attention back to the vulnerable nature of the supply chain and the urgent need for increasing security measures at all stages.
Months after the SolarWinds breach was disclosed in December 2020, details about the full extent of the damage are still being uncovered. The affected product was incredibly widely used, making it quite difficult to pinpoint exactly how the breach happened. This stresses the need for increased visibility in all areas of the supply chain — in both information technology (IT) and operational technology (OT). The increasing convergence of IT and OT networks has contributed greatly to the susceptibility of the supply chain, while increased visibility in both areas could have raised awareness of the attack’s presence and the potential for preventing it.
Recovering From the Fallout
As we have yet to understand the full impact of the SolarWinds attack, recovering from it will be an ongoing process. Organizations and their security teams will tighten up policies and practices that they may have loosened in the past. There is growing pressure on the US government to take action to protect against a similar event. Even so, organizations that were affected, and those that want to avoid being affected, are increasing security measures and paying closer attention to the tools in their technology stack.
In addition to dealing with the fallout from the SolarWinds attack, organizations are still seeing effects from the COVID-19 pandemic. The increase in remote workers and delays in rolling out new equipment and upgrading existing equipment created security gaps. Ransomware attacks are also on the rise, specifically targeting critical infrastructure that cannot afford downtime caused by an attack and is therefore more likely to pay up. Attacks could take the form of theft of sensitive data, malware, identification of valuable assets in the network, or even targeting of specific equipment and operating systems.
Given these factors, we must pay special attention to the COVID-19 vaccine supply chain.
To read the complete article, visit Dark Reading.