Enterprise's security strategy to counter OT attacks
In recent years, corporate demand for OT (Operational Technology) security has been increasing. In fact, cyberattacks targeting OT/ICS environments were found to have increased by 2000% last year. This is because attacks on smart industrial facilities are growing as the fourth industrial revolution begins and technology evolves. In particular, as manufacturers' connectivity increased, cyberattacks targeting these companies surged.
The case of Norsk Hydro ASA, a Norwegian aluminum manufacturer that was hit by the ransomware “LockerGoga” in March last year, is typical.
Norsk Hydro is a leading supplier of aluminum components in Europe and North America, with headquarters and branch offices. The company's production process includes systems that require a high degree of automation and extensive digital monitoring to ensure product quality. The LockerGoga attackers successfully targeted the company's systems, which stopped working, and the situation worsened overnight, affecting IT systems in the United States and Europe. Norsk quickly isolated the affected systems from the global network, but the attack eventually led to production disruptions. The damage alone amounted to $41 million, and the event caused fluctuations in aluminum prices worldwide.
In another case, a TSMC plant in Taiwan was shut down by an attack involving a variant of the “WannaCry” ransomware. In August 2018, TSMC, the world's largest contract semiconductor manufacturer, suffered the most serious security incident since its founding. The cause was a virus that infiltrated the corporate computer network when a TSMC employee connected a removable storage device (USB) that had not been scanned for viruses during a software upgrade. As a result, three 12-inch wafer production lines were shut down, causing serious damage to production. TSMC's shares fell 1.2%, and the loss on the day of the incident was reported to exceed 11 billion won. Most of all, it was a major blow to the credibility of Taiwan's leading companies with major clients such as Apple, Qualcomm, and NVIDIA.
Companies usually hold more data than individuals, so attackers tend to target highly profitable companies or highly vulnerable industries. According to a British manufacturing association survey, 48% of manufacturing companies have actually suffered damage from cyberattacks. Above all, manufacturers hold important product information that competitors could use, making them a profitable target for hackers.
OT mainly refers to technology for operating industrial machines or processes, so OT security means security for the systems that control the various machinery and processes in factories. In the past, security was not considered necessary for these systems because most of their hardware, operating systems, software, and interfaces used dedicated specifications.
However, as the IoT concept, in which everything is connected to the Internet, extends into the industrial field, the time has come to prepare for security in the OT area, which has never before been security-conscious. Many industrial devices are now also connected to the Internet.
Meanwhile, in the era of the fourth Industrial Revolution, large-scale infrastructure such as transportation, communication, buildings, and even smart cities falls within the scope of OT. This suggests that the threat is not limited to facilities such as factories or power plants; large-scale plants, major national infrastructure, and military security facilities face the same problems.
An OT environment that does not build in security has no choice but to become a target for attackers. With the proliferation of IoT, more and more closed-network facilities are connecting to IT systems, as well as to the Internet and the cloud, which increases the possibility of access by attackers. In each industry, a systematic information protection framework should be put in place first, and it is time for companies to examine their current security policies and take steps to prepare.
Softcamp provides GateXcanner, an external inflow file verification system, as a countermeasure against these rapidly increasing attacks. GateXcanner is a kiosk that checks for viruses, firmware, and malicious code hidden in files when external files are imported from external storage media such as USB drives, CDs, and external hard drives.
In addition to verifying the risk of external files, it can store incoming files and automatically generate a history, and it offers stability and convenience through an intuitive UI/UX. In particular, it was listed as a CDR solution vendor by Gartner last year (in the report "5 Core Security Patterns to Protect Against Highly Evasive Attacks") and provides enhanced security with Softcamp’s proven SHIELDEX solution.
No matter how much security is strengthened, external files still have to be brought inside for business collaboration, and external patch files have to be brought in continuously for system management. Maintain a safe working environment with security verification of patch files.