The COVID-19 pandemic has been detrimental to the world economy while flattening many industries. The mining industry was fortunate to be one of the very few industries to deliver exceptional growth throughout this period. Yet this growth has marked the mining industry out as a lucrative target for cybercriminals.
Cybercrime has increased over the course of the pandemic as threat actors try to take advantage of the rapidly changing circumstances, misinformation, and organizations' shift to a hybrid workplace. The rewards for successful cyber-attacks are staggering. To put this in perspective, it is currently estimated that cybercrime is worth more than the illegal drug trade globally, with billions of dollars paid out each year in ransomware. Cybercrime continues to accelerate and is expected to cost 10.5 trillion USD annually by 2025.
Cybercriminals are also becoming more innovative and creative as they target complex, business-critical Operational Technology (OT) environments, including Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems.
Several high-profile attacks have demonstrated both the increasing sophistication of attacks and the devastating effects of a breach in these environments. In 2010 a malicious worm that had traveled for years eventually found its SCADA target at an Iranian nuclear plant. More recently, in February 2021, a hacker attempted to poison the water supply of Oldsmar in Florida by using remote access to alter the levels of sodium hydroxide in the water. Though the attempt was thwarted, it illustrated the threat to industrial control systems [1]. Then in May, hackers successfully gained entry into the Colonial Pipeline Company network, which led to the shutdown of their 5,500-mile fuel pipeline, a shortage of petroleum in the USA and a ransom pay-out of $5.6 million [3].
The rapid shift to remote work during the lockdown, and the consequential increase in cyber threats arising from the greater attack surface, have increased the demand for cybersecurity skills. Combined with the existing global shortage of cyber expertise, this demand means many organizations struggle to find and keep the people required to effectively manage security governance and operations across IT/OT environments. In response, we are now seeing increasing adoption of managed security services such as managed detection and response (MDR) solutions and vulnerability and threat identification tools designed specifically for OT systems.
Targeted mining attacks have the potential to affect four parts of operations: extraction, processing/refinement, stock management, and shipping. Each function presents a different set of risks that, if exploited, can reduce efficiency, inhibit operations, and cause financial turmoil. Given the extremely dangerous environments that mine sites present – heavy machinery, fumes, and explosives – the effect of a cyberattack on safety technologies such as wearables and gas detectors is possibly the most severe example.
Understanding the OT Environment
Security analysts need to understand what is happening within OT systems with a unified system that monitors and assesses both OT and traditional IT environments. Complete coverage of an industrial mining network must include continuous monitoring of the components within the industrial network, such as programmable logic controllers or remote terminal units. Companies need to be continually monitoring governance and compliance aligned to industry good practice and ensuring coverage extends to IoT devices and machinery.
With such complex environments, many mining companies face an increasingly complex task to manage their cybersecurity. It is not uncommon to see companies procure half-a-dozen or more solutions. In fact, one study found 40% of organizations use 10 to 25 separate security tools, and 30% use 26 to 50 tools. This only adds to security teams’ burden. Furthermore, traditional security tools often don’t provide the required visibility into OT networks and devices that companies need to operate.
The key to managing this complexity and simplifying security is to bring network visibility, asset monitoring, vulnerability management, threat intelligence and threat detection into one solution. Security teams can focus on identifying, understanding, and remediating issues rather than managing data and tools. Tooling that is OT-specific and run by professionals who understand the nuances of OT environments is key.
Industry-leading OT security
At Rapid7, we know cyber security. We have two decades of experience in helping organizations advance their security postures and increase their cyber security maturity. Our solutions are built to accommodate the changes in modern environments, including the continued convergence of IT and OT, and we offer clarity of risk while helping secure your entire attack surface.
At Rapid7, we provide targeted threat detection through our External Threat Intelligence platform, allowing you to leverage tailored and actionable intelligence based on your unique digital assets. This enables you to identify, block, and take down attacks that directly target your industry and digital operations.
For example, you can identify new malware kits and exploits that target production line equipment and/or OT devices, or monitor hacker chatter to prioritize and lock down vulnerabilities before they are exploited.
To expand the power of our solution in OT environments, we have partnered with the award-winning SCADAfence team to develop deep integrations between the two platforms to meet IT and OT security needs. Security teams now have a consolidated solution for IT, OT and IoT vulnerability management, threat intelligence, and incident detection and response.
SCADAfence is an industrial cybersecurity solution that provides visibility and monitoring for the mining industry's OT & IoT networks. SCADAfence was recently recognized as Frost & Sullivan's 2021 entrepreneurial company of the year, and was positioned as a Leader in the new Frost & Sullivan Radar for the Global Critical Infrastructure cyber security market. SCADAfence also won three coveted global infosec awards at the RSA conference, including ICS/SCADA market leader.
SCADAfence’s solution automates asset discovery and inventory management, as well as threat detection and risk management. Remote access security capabilities enable security teams to track user activities and detect those that are outside the user profile or are malicious in nature.
By employing a wide range of algorithms, machine learning and AI, the platform detects anomalies and security events that can compromise availability and affect the safety and reliability of the OT network and its assets. A governance portal also measures compliance across all sites and identifies gaps or bottlenecks to help improve organizational security at scale.
SCADAfence provides 100% deep packet inspection of traffic to and from all SCADA/ICS/IoT devices, performed out of band, and offers Governance and Compliance modules for ISO, NERC CIP, EU and many other compliance models, providing a seamless reporting mechanism on the cyber security posture within OT environments. This ensures that reporting requirements align to your defined security frameworks.
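To make concrete what passive asset discovery, out-of-band deep packet inspection and anomaly detection on an OT network look like in practice, here is an added illustration. It is not SCADAfence or Rapid7 code, and it does not model how their platform is implemented; it is a small, self-contained monitor that parses constructed Modbus/TCP frames (the function codes are public Modbus constants), builds an inventory of the devices it sees, learns a baseline of which hosts talk to which units with which function codes, and then raises alerts for anything outside that baseline, weighting write operations higher than reads. All IP addresses and traffic are constructed for the example; the learn-then-alert baseline is one common approach and is an assumption of this example, not a description of any vendor's algorithm.

```python
"""Passive OT traffic monitor (added illustration, not SCADAfence or Rapid7 code).

Models three capabilities the text describes in a minimal way: passive asset
discovery, deep packet inspection of SCADA traffic, and baseline-based anomaly
detection. Runs entirely on constructed Modbus/TCP frames; no network access.
"""
import struct
from collections import defaultdict

# Public Modbus function codes. Writes change coil/register state on a device,
# so an unexpected write is a higher-severity event than an unexpected read.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header plus the function code of a Modbus/TCP frame."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                      # protocol id 0 means Modbus
        raise ValueError(f"not Modbus (protocol id {proto})")
    if length != len(frame) - 6:        # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    return {"tid": tid, "unit": unit, "function": function,
            "is_write": function in WRITE_FUNCTIONS,
            "exception": bool(function & 0x80)}  # responses set 0x80 on error


def build_frame(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Build a Modbus/TCP request frame (used only to construct sample traffic)."""
    body = bytes([unit, function]) + payload
    return struct.pack(">HHH", tid, 0, len(body)) + body


class PassiveMonitor:
    """Learns who talks to which device during a learning window, then alerts."""

    def __init__(self):
        self.assets = defaultdict(set)  # (dst_ip, unit_id) -> function codes seen
        self.baseline = set()           # (src_ip, dst_ip, unit_id, function)
        self.learning = True
        self.alerts = []                # (severity, src_ip, dst_ip, message)

    def observe(self, src_ip: str, dst_ip: str, frame: bytes) -> None:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as err:
            self.alerts.append(("high", src_ip, dst_ip, f"malformed Modbus frame: {err}"))
            return
        asset = (dst_ip, pdu["unit"])
        conv = (src_ip, dst_ip, pdu["unit"], pdu["function"])
        if self.learning:               # asset discovery and baseline learning
            self.assets[asset].add(pdu["function"])
            self.baseline.add(conv)
            return
        if asset not in self.assets:    # a device the inventory has never seen
            self.alerts.append(("medium", src_ip, dst_ip,
                                f"new device unit {pdu['unit']} first seen"))
        self.assets[asset].add(pdu["function"])
        if conv not in self.baseline:   # conversation outside the learned baseline
            fc = pdu["function"]
            name = READ_FUNCTIONS.get(fc) or WRITE_FUNCTIONS.get(fc) or f"function code {fc}"
            severity = "high" if pdu["is_write"] else "low"
            self.alerts.append((severity, src_ip, dst_ip,
                                f"unbaselined {name} to unit {pdu['unit']}"))


def run_demo() -> PassiveMonitor:
    """Replay constructed traffic: a learning window, then a detection window."""
    mon = PassiveMonitor()
    hmi, eng, plc = "10.0.1.10", "10.0.1.50", "10.0.2.20"   # constructed addresses
    for tid in range(3):                # HMI polls 10 holding registers each cycle
        mon.observe(hmi, plc, build_frame(tid, 1, 3, struct.pack(">HH", 0, 10)))
    mon.learning = False
    mon.observe(hmi, plc, build_frame(10, 1, 3, struct.pack(">HH", 0, 10)))      # normal poll
    mon.observe(eng, plc, build_frame(11, 1, 6, struct.pack(">HH", 40, 1200)))   # write from unbaselined host
    mon.observe(eng, "10.0.2.21", build_frame(12, 1, 3, struct.pack(">HH", 0, 1)))  # previously unseen device
    mon.observe(hmi, plc, b"\x00\x0d\x00\x00\x00\x02\x01")                      # truncated frame
    return mon


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The replay produces four alerts: a high-severity write to the PLC from a host that never wrote during learning, a medium-severity new-device event plus a low-severity unbaselined read for the unknown unit, and a high-severity malformed-frame event. Each alert carries source, destination and unit, which is the minimum a SIEM needs to correlate an OT event with IT-side telemetry.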
A Consolidated Approach to Mining OT security
Rapid7 has integrated SCADAfence's specialized OT monitoring with our industry-leading Insight platform to provide a comprehensive security solution without overwhelming your teams. The integration works bi-directionally and improves both security and manageability. Vulnerability data is collected from across the corporate IT and OT environments and presented in a single interface, giving a comprehensive view of IT/OT vulnerabilities.
Threats identified within the OT environment are communicated to teams via a central Security Information and Event Management (SIEM) solution (e.g. Rapid7’s InsightIDR). This, combined with the centralized vulnerability information, is what provides the single interface of all identified vulnerabilities and threats within the IT/OT environments.
The Rapid7 XDR solution (InsightIDR) ingests all your IT/OT threat data, as well as network traffic analysis (NTA), user and entity behavior analytics (UEBA) and endpoint detection and response (EDR) data, to provide a complete view of your environment's attack surface.
The XDR solution provides security teams with a single, centralized solution that can quickly identify malicious behavior across your entire environment.
In addition, with Rapid7 IntSights, our Threat Intelligence (TI) solution can also look for external threats from the clear, deep, and dark web, picking up industry targeted attacks, leaked company credentials, brand impersonation, executive impersonation and much, much more.
As a result, mining companies now have a single consolidated solution for IT/OT/IoT security, vulnerability management, threat intelligence, extended detection and response, and security orchestration and automation.
The views and opinions expressed in this post are those of the author and do not represent the official policy or position of SCADAfence.
This article was originally published in the Australian Mining Review and is authored by John Rice, Account Executive at Rapid7.
The original post can be found here: https://australianminingreview.com.au/latest/#page=88