As everyone knows by now, cyber security specialist FireEye discovered a supply chain attack that ‘trojanized’ SolarWinds’ Orion business software updates in order to distribute malware. The point worth dwelling on is that the backdoored update was digitally signed by SolarWinds itself, so it passed the very checks that an update mechanism relies on. It appears that SolarWinds’ deployment is pretty widespread. The company lists one unnamed Australian operator as a user of its network technology. No doubt there are others busying themselves with the patches and fixes.
What intrigued us (of course we were looking for dirt!) was a short item on the SolarWinds website, namely the SolarWinds Cyberthreat Guide: Seven types of internet threats and how to help prevent them.
This, you will note, is SolarWinds’ advice to its clients. We quote: ‘As a technology professional, you must be realistic about the chances of defeating a persistent threat from a group that could be relatively large and contain some truly skilled hackers. The sort of company that draws the ire of these groups is usually a close-to-enterprise-level organization that may have significant cyber-risks due to political, cultural, religious, or ideological products or services. Chances are a company like this will already know the appropriate configuration of systems that must never be on the internet’.
SolarWinds offers some examples of infrastructures ‘that probably should not be connected to the internet’. These include military and governmental classified computer networks; financial computer systems such as stock exchanges; life-critical systems such as nuclear power plants, computers used in aviation and computerized medical equipment; and finally, industrial control systems such as SCADA in oil and gas fields. SolarWinds observes that ‘Sadly, many of these critical systems are being connected to the internet without even basic security solutions in place. You may need to help a business implement security solutions to ensure the benefits of connection to the internet do not introduce vulnerabilities with significant consequences if exploited’.
In contrast to this rather good advice, we have regular entreaties from the IT brigade for ‘convergence’ of IT and OT systems. The digital twin/internet of things movement is predicated on connecting SCADA systems to the corporate network. The shale gale has created a multiplicity of connections between field devices and the cloud. We do not yet know whether the compromise reached operations beyond the IT ‘supply chain’. But Orion is a network monitoring platform, which by design holds credentials for, and reachability to, the devices it monitors, so a backdoor in it is a backdoor into whatever the monitoring has been allowed to see. If the trojan did manage to worm its way from corporate IT systems into operations, the folks pushing ‘convergence’ should be carrying the can!
© Oil IT Journal - all rights reserved.