A
You're listening to the CyberWire network, powered by N2K.
B
And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, simplifying security management with AI-powered automation, and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at Zscaler.com/security.
A
The word is OT security, spelled O for operational, T for technology, and security as in protection.

Definition: Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.

Example sentence: IT and OT cybersecurity differ in fundamental ways, not only because IT and OT systems often require different security controls, but also because IT and OT security practitioners have different goals for securing their assets and different definitions for what secure means.

Origin and context: One of the world's first OT attacks occurred in 1903 when Guglielmo Marconi, yes, that Marconi, the famous Italian engineer who invented the first practical wireless telegraph, attempted to securely send a message from a clifftop radio station in Cornwall, UK to London, some 300 miles away. Neville Maskelyne, working for a Marconi competitor, the Eastern Telegraph Company, executed maybe the first ever man-in-the-middle attack, intercepting the traffic and sending Morse code to the distant end mocking Marconi. And you thought our modern day Internet had trolls.

Operational technology consists of a superset of non-traditional electronics and software. In other words, these are systems not designed for the standard office worker, and they can control government, commercial and home processes like water, power, air conditioning and heating. Within the OT superset are industrial control systems, or ICS. These are systems that control essential industrial processes like mine site conveyor belts, oil refinery cracking towers and electrical grid power consumption. The key word there is essential: processes that are mission critical and have a high availability requirement. According to Graham Williamson from KuppingerCole Analysts, most ICSs fall into either continuous process control systems, typically managed via programmable logic controllers, or PLCs, or discrete process control systems, or DPCs. These might use a PLC or some other batch process control device.

Industrial control systems are often managed via a Supervisory Control and Data Acquisition system, or SCADA system. These provide a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or enter system adjustments to manage the process under control.

In March 2000, Vitek Boden launched an industrial control system attack in Queensland, Australia that resulted in the leaking of millions of gallons of untreated sewage into the surrounding waterways and parks. In a rare Jason Bourne-like car chase scene right out of the movies, the police captured Boden with his laptop, SCADA equipment and the radio transmitter he used to carry out the attacks.

In 2006, researchers at the Gartner Energy and Utilities IT Summit presented the term operational technology as applied to industrial control systems. Over the next decade, the alignment and integration of IT and OT systems picked up traction in the industrial space.

In late 2015, a group of Russian hackers called Sandworm attacked Ukraine's power grid, causing the first ever blackout triggered by a cyber attack. According to the U.S. Department of Energy, quote, threat actors on multiple fronts continue to exploit cyber vulnerabilities in the U.S. electrical grid. Nation states like Russia, China and Iran and non-state actors including foreign terrorist and hacktivist groups pose varying threats to the power grid, end quote.

Nerd reference: In the Cybersecurity Canon Hall of Fame book A New Era of Cyber War and the Hunt for the Kremlin's Most Dangerous Hackers, by Wired columnist Andy Greenberg, Andy describes the Russian GRU's use of Ukraine as a training lab for using cyber attacks to cripple and destroy an enemy's critical infrastructure.
C
Sandworm is a group of Russian hackers that since late 2015 or so have carried out what I think is the first full-blown cyber war, starting in Ukraine. They attacked pretty much every part of Ukrainian society with these data-destructive attacks that hit media and the private sector and government agencies and then ultimately the electric utilities, causing the first ever blackouts triggered by cyber attacks. Sandworm hit Ukraine's power grid not once but twice, in late 2015 and then again in late 2016. And then finally this Ukrainian cyber war that Sandworm was waging essentially exploded out to the rest of the world in the middle of 2017 with this cyber attack called NotPetya, a worm, a self-propagating piece of fake ransomware that was actually just a destructive attack that spread from Ukraine to the rest of the world and took down a whole bunch of multinational companies, medical record systems and hospitals across the United States and ultimately cost $10 billion in global damages. The worst cyber attack in history by a good measure.
A
Word Notes is written by Nata Genoi, executive produced by Peter Kilpe and edited by John F. Petrick and me, Rick Howard. The mix, sound design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening.
D
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Podcast Summary: "OT Security (noun) [Word Notes]" – Hacking Humans
Podcast Information
In the episode titled "OT Security (noun) [Word Notes]," hosted by N2K Networks, the focus is on Operational Technology (OT) security—a critical aspect of protecting industrial operations from cyber adversaries.
Definition and Distinction from IT Security
Operational Technology (OT) encompasses the hardware and software designed to monitor and control physical devices, processes, and infrastructure within industries such as manufacturing, energy, and utilities. Unlike Information Technology (IT) security, which primarily safeguards data and information systems, OT security is dedicated to protecting the operational aspects of industrial environments.
Speaker A [00:11]: "The word is OT security, spelled O for operational, T for technology and security as in protection... IT and OT cybersecurity differ in fundamental ways, not only because IT and OT systems often require different security controls, but also because IT and OT security practitioners have different goals for securing their assets."
The podcast delves into the historical context of OT security, illustrating that cyber threats to operational systems are not a new phenomenon.
Early OT Attacks
One of the earliest recorded OT attacks dates back to 1903 when Guglielmo Marconi, the Italian engineer famed for inventing the wireless telegraph, became the target of a man-in-the-middle attack orchestrated by Neville Maskelyne of the Eastern Telegraph Company.
Speaker A [01:34]: "One of the world's first OT attacks occurred in 1903 when Guglielmo Marconi... Neville Maskelyne... executed maybe the first ever man-in-the-middle attack... mocking Marconi. And you thought our modern day Internet had trolls."
Modern OT Incidents
Fast forward to the 21st century, the episode highlights significant OT security breaches, including:
2000 Queensland Sewage Attack: Vitek Boden launched an attack that leaked millions of gallons of untreated sewage into waterways and parks.
2015 Sandworm Attacks on Ukraine's Power Grid: Russian hackers disrupted Ukraine's electricity supply, marking the first blackout caused by a cyberattack.
Speaker A [01:34]: "In March 2000, Vitek Boden launched an industrial control system attack in Queensland, Australia... In late 2015, a group of Russian hackers called Sandworm attacked Ukraine's power grid, causing the first ever blackout triggered by a cyber attack."
The episode provides an in-depth analysis of the various components that constitute Operational Technology, emphasizing their roles and vulnerabilities.
Industrial Control Systems (ICS)
ICS are pivotal in managing essential industrial processes. They are categorized into:
Continuous Process Control Systems: Managed via Programmable Logic Controllers (PLCs), these systems oversee processes that require constant regulation, such as power consumption and heating systems.
Discrete Process Control Systems (DPCs): These systems handle batch processes, such as those in manufacturing conveyor belts and oil refineries.
Speaker A [01:34]: "Industrial control systems are often managed via a Supervisory Control and Data Acquisition system, or SCADA system. These provide a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or enter system adjustments..."
Supervisory Control and Data Acquisition (SCADA) Systems
SCADA systems provide a graphical interface for operators to monitor and control industrial processes. They are crucial for maintaining the integrity and availability of essential services.
A significant portion of the episode is dedicated to dissecting the activities of the Russian hacker group Sandworm and their infamous NotPetya attack.
Sandworm's Campaign in Ukraine
Since late 2015, Sandworm has been orchestrating a series of cyberattacks targeting various facets of Ukrainian society, including media, government agencies, and electric utilities. These attacks culminated in massive blackouts, demonstrating the group's capability to disrupt critical infrastructure.
Speaker C [06:10]: "Sandworm is a group of Russian hackers that since late 2015 or so have carried out what I think is the first full-blown cyber war, starting in Ukraine... Sandworm hit Ukraine's power grid not once but twice, in late 2015 and then again in late 2016."
The NotPetya Attack
In mid-2017, Sandworm unleashed NotPetya—a self-propagating worm disguised as ransomware. Unlike typical ransomware, NotPetya was designed purely for destruction, spreading globally and causing extensive damage to multinational companies, medical record systems, and hospitals in the United States, resulting in approximately $10 billion in global damages.
Speaker C [06:10]: "The worst cyber attack in history by a good measure."
Implications and Current Threats
The episode underscores the persistent threat posed by nation-state actors like Russia, China, and Iran, as well as non-state actors including terrorist and hacktivist groups. These entities continuously exploit vulnerabilities in critical infrastructure, particularly the U.S. electrical grid.
Speaker A [01:34]: "According to the U.S. department of Energy, threat actors on multiple fronts continue to exploit cyber vulnerabilities in the U.S. electrical grid."
In closing, the podcast highlights the evolving nature of OT security and the need for robust defensive measures to safeguard essential services against sophisticated cyber threats.
Continuous Verification and AI Integration
Modern OT security strategies emphasize zero trust architectures and the integration of AI to detect and mitigate threats proactively. By making applications and IPs invisible and continuously verifying each request based on identity and context, organizations can significantly reduce their attack surfaces.
Speaker B [01:34] (paraphrased from advertisement): "Connecting users only to specific apps, not the entire network. Continuously verifying every request based on identity and context."
Collaborative Efforts and Awareness
The alignment and integration of IT and OT systems are crucial for developing comprehensive security controls that address the unique challenges posed by operational environments.
"OT Security (noun) [Word Notes]" offers a comprehensive exploration of Operational Technology security, tracing its historical roots, dissecting its critical components, and examining high-profile cyberattacks that have shaped the current threat landscape. Through expert insights and detailed case studies, the episode underscores the imperative for specialized security measures to protect the vital infrastructures that underpin modern society.
Notable Quotes
Speaker A [00:11]: "IT and OT cybersecurity differ in fundamental ways... different goals for securing their assets."
Speaker A [01:34]: "Industrial control systems are often managed via a Supervisory Control and Data acquisition system or SCADA system..."
Speaker C [06:10]: "The worst cyber attack in history by a good measure."
Production Credits
This summary omits introductory messages, sponsorships, and non-content segments to focus solely on the substantive discussions surrounding Operational Technology security.