
Why WannaCry Was a Wake Up Call for Critical Infrastructure Security

Many OT Networks are Susceptible to Threats Like WannaCry


The WannaCry ransomware attack impacted more than 10,000 organizations in 150 countries, including manufacturing and industrial organizations like Nissan, Renault and Dacia, Spanish Telefónica and Deutsche Bahn. It’s likely that a fair number of industrial organizations have been impacted but haven’t reported the incidents, because they are not required to do so by regulation.

While WannaCry did not directly target industrial control systems, cyber security researchers have demonstrated that ransomware can be designed to compromise the industrial controllers used to operate industrial facilities such as manufacturing plants, water and power utilities and critical infrastructures. Let’s consider what the industrial sector can learn from this attack when it comes to protecting its operational systems from cyber threats.

Air Gap has been Erased by Connectivity

Today, most OT networks are susceptible to threats like WannaCry because these networks are increasingly exposed to the internet and the external world. Trends like IIoT, Industrie 4.0 and connected industry are driving this connectivity. Although this connectivity provides many benefits, like enabling better predictive analysis, improving supply chain logistics and increasing the efficiency of manufacturing processes, it also exposes these environments to cyber threats.

Patching Industrial Systems is Hard

One of the problems that industrial organizations face in preventing ransomware infections is patching their Windows-based endpoints. While patching Windows-based machines is a standard best practice in IT networks, in OT environments this isn’t always possible.

For example, some OT vendors do not recommend patching servers, HMIs and engineering stations before rigorous tests are performed, since applying untested patches may render the operational system or software unstable or unavailable. This can make a bad situation worse. As a result, industrial organizations might not be able to patch systems in a timely manner and therefore remain exposed.

The situation is even worse for operational technologies like PLCs, RTUs and DCS controllers. These purpose-built computers execute code and control logic to manage and ensure the safety of industrial processes. Not only are these critical assets vulnerable and lacking basic security controls, they are also very difficult to patch. As a result, it is much harder to protect industrial environments against these types of threats.

In addition, many industrial environments operate continuous processes that can’t be stopped. Oil and gas companies, for example, can’t take a pipeline or turbines offline in order to patch supporting systems. Concerns around operational safety and stability can also hinder patching in these environments.

What Can be Done to Protect ICS

The first thing industrial organizations should do is patch all the computers that can be patched. This is a standard best practice in all environments. However, as explained, in OT environments it isn’t always possible. Therefore, organizations should take a hard look at systems that can’t be patched and consider other ways to protect them. 

Defense in depth is the best approach for protecting any company. It requires multiple layers of security, starting with perimeter defenses and network defenses, right down to protecting each and every critical asset. The problem in OT environments is that for decades organizations haven’t deployed defense layers beyond the perimeter. We can no longer ignore the fact that threats can find a way into these networks, and critical assets like PLCs, RTUs and DCSs must be protected.

WannaCry is the latest example of what happens when a global cyber attack occurs. These incidents often create a sense of urgency around industrial cyber threats and their fallout. Justifiably so. If WannaCry had targeted industrial controllers, it would have been much more difficult to protect them and the damage would have been much more widespread.
