Security Experts:

Connect with us

Hi, what are you looking for?



Why WannaCry Was a Wake Up Call for Critical Infrastructure Security

Many OT Networks are Susceptible to Threats Like WannaCry

Many OT Networks are Susceptible to Threats Like WannaCry

The WannaCry ransomware attack impacted more than 10,000 organizations in 150 countries, including manufacturing and industrial organizations like Nissan, Renault and Dacia, Spanish Telefónica and Deutsche Bahn. It’s likely that a fair number of industrial organizations have been impacted, but haven’t reported the incidents since they are not required to do so by regulatory requirements. 

While WannaCry did not directly target industrial control systems, cyber security researchers have demonstrated that Ransomware can be designed to compromise industrial controllers used to operate industrial facilities such as manufacturing plants, water and power utilities and critical infrastructures. Let’s consider what the industry sector can learn from this attack when it comes to protecting their operational systems from cyber threats?

Air Gap has been Erased by Connectivity

Today, most OT networks are susceptible to threats like WannaCry because these networks are increasingly exposed to the internet and external world. Trends like IIoT, Industrie 4.0 and connected industry are driving this connectivity. Although  it provides many benefits like enabling better predictive analysis, improving supply chain logistics and increasing the efficiency of manufacturing processes, this connectivity also exposes these environments to cyberthreats.

Patching Industrial Systems is Hard

One of the problems that industrial organizations face in preventing ransomware infections is patching their windows-based end-points. While patching windows-based machines is a standard best practice in IT networks, in OT environments this isn’t always possible. 

For example, some OT vendors do not recommend patching servers, HMI and engineering stations before rigorous tests are performed since  applying untested patches may render the operational system or software unstable or unavailable. This can make a bad situation worse. As a result, industrial organizations might not be able to patch systems in a timely manner and therefore remain exposed.

The situation is even worse for operational technologies like PLCs, RTUs and DCS controllers. These purpose-built computers execute code and control-logic to manage and ensure the safety of industrial processes. Not only are these critical assets vulnerable and lacking basic security controls, they are also very difficult to patch. As a result it is much harder to protect industrial environments against these type of threats. 

In addition, many industrial environments operate continuous processes that can’t be stopped. Oil and gas companies, for example, can’t take a pipeline or turbines off line in order to patch supporting systems. In addition, concerns around operational safety and stability can hinder patching in these environments.

What Can be Done to Protect ICS

The first thing industrial organizations should do is patch all the computers that can be patched. This is a standard best practice in all environments. However, as explained, in OT environments it isn’t always possible. Therefore, organizations should take a hard look at systems that can’t be patched and consider other ways to protect them. 

Defense in depth is the best approach for protecting any company, which requires multiple layers of security. Starting with perimeter defenses, and network defenses, right down to protecting each and every critical asset. The problem in OT environments is that for decades organizations haven’t deployed defense layers beyond the perimeter. We can no longer ignore the fact that threats can find a way into these networks and the critical assets like PLCs, RTUs and DCSs must be protected.

WannaCry is the latest example of what happens when  a global cyber attack occurs. These incidents  often create a sense of urgency around industrial cyber threats and their fallout. Justifiably so. If WannaCry had targeted industrial controllers, it would have been much more difficult to protect them and the damage would have been much more widespread.

Related: Learn More at SecurityWeek’s ICS Cyber Security Conference

Written By

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.


A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.


Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.


Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot...