Experts Warn of ‘Mismatch’ in US Response to OT Hacking


Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT)

Cross-Sector Dependencies in OT Hinder Attack Response


A cyberattack of any significant scale against operational technology in America’s vital infrastructure and services would almost immediately overwhelm the online and offline resources available to responders, experts said this week.


“We have a very large mismatch between expected capacity, expected demand, and current capacity,” said Josh Corman, executive in residence for public safety and resilience at the Institute for Security and Technology.

Cross-sector dependencies mean no power equals no water, and no water equals no hospitals, Corman told a panel at Critical Effect, an annual gathering of operational technology and industrial control systems security specialists, engineers and advocates.

In a large-scale attack, geographical factors would also come into play, pointed out panelist Natalie Sullivan, assistant professor of emergency medicine at George Washington University Hospital.

“When one hospital goes down, the entire region is affected,” she said. Hospitals generally avoid evacuations. “It’s incredibly rare because it is so difficult and so dangerous for your patients, and if it’s a regional outage, where are you taking these people? Where are you evacuating them to?”

A cyberattack that hit OT systems at just one percent of the 50,000 to 60,000 community water systems in the United States would completely overwhelm the entire world’s OT incident response capability, said Munish Walther-Puri, head of critical digital infrastructure at the TPO Group.

He said a survey he’d conducted a couple of years ago found with moderate confidence that there were 200 to 500 incident response firms and 1,000 to 3,000 trained incident responders worldwide, with fewer than 1,000 focused on OT.

And in the U.S., employers might not be able to rely on staff with special skills being there, added Chuck Weissenborn, CTO for Dragos public sector.

In a crisis, “My employees that are national guardsmen, that are reservists, that work in this industry are probably going to get pulled because of their subject matter expertise to go do something governmental or military in nature,” he said.

He added that caution was needed to ensure expertise was still available to the private sector and state and local authorities.

“If we’re not careful when we think about how we’re utilizing people and where they’re going and where we prioritize, we’re going to find ourselves in a situation where the people that our utility partners are relying on are no longer going to have the subject matter experts available to them.”

On Thursday, Dragos announced that consulting giant Accenture had acquired a majority stake in it at a $3.2 billion valuation (see: Accenture Buys Majority Stake in Dragos in $4.2B Deal).

“OT incident response just got a lot more capable,” Dragos founder and CEO Rob Lee told ISMG in a statement. “Our incident response team now has an even broader OT cybersecurity platform to take into incidents, and to have ahead of time in customer environments.”

He said Dragos IR staff and Accenture’s “amazing” incident response team would leverage each other’s capabilities.


