Page 110 - Cyber Defense eMagazine June 2020 Edition
malware had major impacts on manufacturing companies like Merck, causing hundreds of millions of
dollars in quarterly losses due to production downtime, in addition to loss of customer satisfaction due to
missed shipments. After suffering a WannaCry attack across its worldwide network, A.P. Moller - Maersk,
one of the world’s largest shipping conglomerates, lost communication with its OT network, shutting down
entire ports.
In another example, the digital systems at the smelting plants of Norsk Hydro, one of the world’s largest
aluminum producers, were shut down after the firm was attacked by LockerGoga. Norsk Hydro reportedly
lost $40 million because of the incident, and aluminum prices were driven to a three-month high.
In order to mitigate these new threats, organizations must understand two major challenges to securing
these environments and evolve their security strategies to secure and manage connected devices across
both industrial and IT environments.
Connected OT Devices are Un-Agentable
The growing trend in manufacturing and industrial plants is to connect OT devices directly to the
enterprise network. But one of the main challenges is that these devices often have no built-in
security and cannot be protected with traditional security tools like agents used by enterprise
security teams. These devices were not initially designed to be installed on the enterprise network;
however, the convergence of IT and OT networks has made this a reality. Because these devices can’t
run agent software, security teams have no visibility into whether device behavior is abnormal or
malicious and could indicate a risk.
OT Device Vulnerabilities Are Increasing
While OT devices become more accessible to cyber attackers, they’re also increasingly vulnerable to
attack. Based on ICS-CERT’s advisory page, which lists a large number of vendors that have disclosed
vulnerabilities, public vulnerability advisories continue to increase year over year. There were 204
advisories in 2018, an increase of 25% compared to 2017. Over half of the ICS-related vulnerabilities
reported in 2018 rated high in terms of severity level. These vulnerabilities exist in field devices,
human-machine interface systems, and engineering workstation software.
In 2019, a set of 11 zero-day vulnerabilities, dubbed Urgent11, was discovered that impact seven
common real-time operating systems, including VxWorks® by Wind River. These systems are widely
used by SCADA systems, industrial controllers, firewalls, routers, satellite modems, VoIP phones,
printers, and many other devices. Urgent11 could allow attackers to remotely exploit and take over
mission-critical industrial devices, resulting in costly disruption of essential processes.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.