Securing the Supply Chain

   May 23, 2024 | Radiflow team

Operational Technology (OT) is under attack.

Maritime, Transportation, Oil and Gas, Energy, Water, Manufacturing and virtually all other types of cyber-physical systems are under constant siege by individual hackers, hacker syndicates, hacktivists, and nation-state actors. Increasingly, direct cyber-strikes on operations are giving way to targeted attacks on the supply chain – against third-party vendors who supply machines, systems, subsystems, and services. Lacking visibility into the components, activities, and security posture of their suppliers, industrial and critical infrastructure operators are vulnerable.

Nature of OT Cyber Attacks

No matter how securely an industrial operator runs its business, a weak link anywhere in the supply chain can expose the operation, including any of its cyber-physical activities, to chaos, safety breaches, downtime, loss of confidential operating data, and financial ruin.

Today, OT operators acquire hardware and software products from third parties to automate various aspects of their operations. Among these are:

  • Machine builders
  • Providers of physical components like sensors, actuators, controllers, and other devices
  • IIoT device creators
  • Networking equipment suppliers
  • Computer suppliers
  • Software developers (applications, operating systems)
  • System integrators
  • Installers and maintenance personnel

Here is an example: A popular infotainment system might be installed in hundreds of thousands of trucks and cars. A vulnerability in a USB or Bluetooth connection could allow a threat actor to compromise not one but numerous vehicles’ Controller Area Network (CAN), enabling lateral movement to the engine or brakes or to any of the growing number of systems that vehicles now use to communicate with the outside, such as GPS and toll-payment systems.

Threat actors can introduce compromised machines, devices, equipment, or software into a cyber-physical system at any point in the life cycle: during development, installation, production, or maintenance.

Operators do not have sufficient cyber visibility into the third-party products and services they use. If the suppliers do not maintain strict and effective cybersecurity measures, their machines and devices can become inviting vectors for cyberattacks by hackers who may exploit them to gain access to the operator’s network and assets.

Recent OT Cyber Attacks

A survey commissioned by Palo Alto Networks shows that many industrial organizations experience cyberattacks, and that in a significant percentage of cases these lead to OT operations being shut down. Conducted in December 2023, the survey polled 2,000 respondents from across 16 countries in the Americas, Europe, and APAC. Three-quarters of respondents said they had detected malicious cyber activity in their OT environment, and almost a quarter of them said they had been forced to shut down OT operations due to a successful attack during the past year, either because of actual disruption or as a preemptive measure.

Here are some examples:

In an eye-opening attack in 2021, Colonial Pipeline, responsible for gasoline supply along the East Coast of the US and the US’s largest petroleum pipeline, suffered a multi-day system shutdown due to a cyberattack by a group of criminal hackers based in Eastern Europe called DarkSide. Considered the largest cyberattack in the US energy industry, the ransomware attack forced the company to pay USD 4.4M to restore operations.

A couple of very recent cases:

  • In a report issued in March 2024 after an investigation, the U.S. House Committee on Homeland Security and the House select committee on China focused on the more than 200 Chinese-made cranes installed at US ports. These cranes contain communications equipment with no clear purpose or record of their installation, heightening concerns that the cranes could be used for surveillance or sabotage.
  • In February of this year, attackers successfully infiltrated AnyDesk’s production systems, extracting sensitive source code and private code-signing keys. This breach poses significant risks as it enables malicious actors to potentially create harmful versions of the software embedded with backdoors and other vulnerabilities. Remote access software like AnyDesk is widely used in OT environments.

Directives and Regulations

Cognizant of the sharp increase in attacks on supply chain suppliers, regulators are now requiring that OT entities restrict their activities with supply chain companies to those complying with tightening cybersecurity standards. As a result, cybersecurity compliance is transitioning from a voluntary best practice to a mandatory requirement, reflecting the critical role that supply chains play in digitized operations.

What You Must Do Now

  1. Regulations: Find out what directives, regulations, and standards are pertinent to your geographic location(s) and industry. Start your journey to compliance today.
  2. Network Visibility: Create a model of the operation’s OT network, including network topology, device properties, vulnerabilities, protocols, ports, etc.
  3. Asset Inventory: Identify all the assets in the operational networks and inventory them. Record the information about each asset and its communications, including all third-party assets.
  4. Continuous Cybersecurity Monitoring: Monitor your network 24/7 for anomalous behaviors that might be indicators of a cyberattack. Respond to incidents promptly and effectively.
  5. Centralized Security Management: Manage security monitoring and risk management from one console.
  6. Risk Management: Quantify the risk at every site and overall. Identify the gaps in security of your operation vis-à-vis IEC 62443. Make your risk assessments regular – monthly or at least quarterly. Chart progress toward reducing risk and closing security gaps.
  7. Supplier Access: Identify how third-party vendors are accessing your systems and who is responsible for their access. Adopt multi-factor authentication to limit access to trusted parties.
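As an added example (not Radiflow's code, and not part of the original post), the script below shows how steps 2, 3, 4 and 7 fit together in practice: a small asset inventory that records each asset's supplier, internal owner and remote-access path, a baseline of expected communications, and a check that flags unknown devices, off-baseline traffic, and third-party access without an accountable owner or MFA. The IP addresses, vendor names, protocols and flows are constructed for illustration; a real deployment would feed the inventory and flows from passive network monitoring.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# An observed communication: (src_ip, dst_ip, protocol, dst_port)
Flow = Tuple[str, str, str, int]


@dataclass(frozen=True)
class Asset:
    ip: str
    name: str
    vendor: str                  # supplier of the device or software
    third_party: bool            # supplied or maintained by an external party
    owner: str                   # internal person accountable ("" if unassigned)
    remote_access: bool = False  # the supplier connects in remotely
    mfa: bool = False            # that remote path is protected by MFA


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    category: str   # "inventory", "anomaly" or "supplier-access"
    message: str


# Constructed sample inventory (step 3). Addresses and vendor names are made up.
INVENTORY: Dict[str, Asset] = {
    a.ip: a
    for a in [
        Asset("10.0.1.10", "HMI-1", "ExampleHMI Co", False, "ops-lead"),
        Asset("10.0.1.20", "PLC-1", "ExamplePLC Inc", True, "ops-lead"),
        Asset("10.0.1.30", "VendorJump", "ExamplePLC Inc", True, "",
              remote_access=True, mfa=False),
        Asset("10.0.1.40", "Historian", "ExampleSW Ltd", True, "it-lead",
              remote_access=True, mfa=True),
    ]
}

# Constructed baseline of expected communications (step 2): who talks to whom,
# over which protocol and port. Anything outside this set is treated as anomalous.
BASELINE: Set[Flow] = {
    ("10.0.1.10", "10.0.1.20", "modbus", 502),
    ("10.0.1.20", "10.0.1.40", "opcua", 4840),
}


def label(ip: str, inventory: Dict[str, Asset]) -> str:
    """Human-readable name for an IP, falling back to the address itself."""
    return inventory[ip].name if ip in inventory else ip


def check_flow(flow: Flow, inventory: Dict[str, Asset], baseline: Set[Flow]) -> List[Finding]:
    """Step 4: compare one observed flow against the inventory and the baseline."""
    src, dst, proto, port = flow
    findings: List[Finding] = []
    for ip in (src, dst):
        if ip not in inventory:
            findings.append(Finding("high", "inventory",
                                    f"unknown asset {ip} seen on the network"))
    if flow not in baseline:
        findings.append(Finding("medium", "anomaly",
                                f"unexpected {proto}/{port} traffic from "
                                f"{label(src, inventory)} to {label(dst, inventory)}"))
    return findings


def check_supplier_access(inventory: Dict[str, Asset]) -> List[Finding]:
    """Step 7: every third-party access path needs an accountable owner and MFA."""
    findings: List[Finding] = []
    for a in inventory.values():
        if not a.third_party:
            continue
        if a.remote_access and not a.mfa:
            findings.append(Finding("high", "supplier-access",
                                    f"{a.name} ({a.vendor}) has remote access without MFA"))
        if not a.owner:
            findings.append(Finding("medium", "supplier-access",
                                    f"{a.name} ({a.vendor}) has no internal owner assigned"))
    return findings


def assess(flows: List[Flow], inventory: Dict[str, Asset] = INVENTORY,
           baseline: Set[Flow] = BASELINE) -> List[Finding]:
    """Run the supplier-access review once, then check every observed flow."""
    findings = check_supplier_access(inventory)
    for flow in flows:
        findings.extend(check_flow(flow, inventory, baseline))
    return findings


# Constructed sample of observed flows
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.1.10", "10.0.1.20", "modbus", 502),   # expected HMI -> PLC
    ("10.0.1.30", "10.0.1.20", "ssh", 22),       # vendor jump host -> PLC, not in baseline
    ("10.0.1.99", "10.0.1.20", "modbus", 502),   # unknown device talking to the PLC
]

if __name__ == "__main__":
    for f in assess(SAMPLE_FLOWS):
        print(f"[{f.severity}] {f.category}: {f.message}")
```

On the constructed input the check produces five findings: the vendor jump host lacks MFA and has no internal owner, the SSH session from that host to the PLC is off-baseline, and the device at 10.0.1.99 is both absent from the inventory and talking to the PLC outside the baseline. The point of the design is that the inventory and baseline are the reference data every other step depends on: without them, "anomalous" has no meaning, and supplier access cannot be tied to a responsible person.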


Radiflow Security Solutions for Supply Chains

Radiflow provides leading solutions and services for all of the above.

Network Visibility, Asset Inventory, and Continuous Cybersecurity Monitoring

iSID, Radiflow’s advanced anomaly detection system, delivers full network, communication, and asset visibility, while detecting anomalies and cyber threats. iSID helps security teams respond rapidly to cyber incidents.

Centralized Security Management

The iCEN Central Management platform centralizes cyber management and monitoring of OT cyber defenses. Communicating with any number of iSIDs via secure, remote connectivity, iCEN collects information from the iSIDs and makes it available to CIARA for accurate risk assessment and to the Security Operations Center for rapid incident response. iCEN enables maritime operators to visualize and manage the state of security across their fleets and operations.

Risk Management

The CIARA Risk Assessment and Management platform analyzes threat intelligence, network traffic, asset properties and more to calculate impacts of cyberattacks on operations. CIARA ingests countless data points, calculates the risk score, and determines how to prioritize mitigation controls based on their risk-reduction capabilities, compliance requirements, and optimal cybersecurity expenditure.

Supplier Access

Radiflow works with world-class vendors of multi-factor authentication and zero trust solutions. Their leading solutions are woven into the fabric of Radiflow solutions.

See our whitepaper on Supply Chain security for more information.
