Mackay Sugar Cyberattack Shows Need for Resilience When IT/OT Dependencies Exist

A cyberattack on Mackay Sugar, Australia’s second-largest raw sugar producer, is a reminder that the line separating the digital world from physical reality may have permanently dissolved. The incident shut down two mills in Queensland, and did so at a critical time in the sugarcane crushing season when sweet liquid is extracted from cane. The breach has not only impacted operations at the mills, but also the downstream supply chain as the factories stopped accepting new cane deliveries.

News reports suggest this was a ransomware attack, though that has not been confirmed, and neither has whether industrial control systems were accessed. The incident demonstrates why organizations must build and manage resilient systems, especially where IT/OT interdependencies exist, so that a breach on one side does not force catastrophic downtime on the other.

The lesson: digital transformation has eliminated many of the technical silos between physical machines, OT operations, and the corporate network. Efficiency demands drove the integration of logistics, predictive maintenance, and analytics tools, creating data flows between control systems, SCADA systems, enterprise resource planning (ERP) systems, and the cloud.

Manufacturing and other industrial processes are now so data-driven that a disruption on the IT side of the house will almost inevitably spill over into operations, limiting oversight of process quality, distribution, safety systems, and overall compliance.

In this blog, we’ll cover: 

  • The need for OT operational resilience in environments where IT and OT are interdependent

  • How a programmatic CPS protection program is required to secure these environments

  • Recovery challenges associated with system restoration

Achieving Operational Resilience in OT Environments

The Mackay Sugar breach highlights a critical gap in operational resilience, the ability of the physical plant to maintain a minimum safe state of operations while compromised or while being remediated. In the case of Mackay Sugar, the breach forced the mills to fall back to manual crushing operations to process already-harvested cane.

The reality is that IT and OT can no longer operate independently, and that returning to air-gapped systems is an economic impossibility. Meeting the demands of today's interdependent and interconnected environments requires a programmatic approach to cyber-physical systems (CPS) protection.

This approach includes the following: 

Identify Vulnerabilities Through Asset Visibility

It begins with complete asset visibility. Deep asset visibility collects and correlates device information, including firmware versions and serial numbers, down to the rack slot. This goes beyond knowing a product name and model number, or an asset class such as PLC or HMI, because two devices of the same model running different firmware carry different exposures. The data informs vulnerability detection and the mitigation recommendations that follow: not only firmware updates, but also disabling risky communications over insecure ports and correcting weak configurations that leave networks exposed.
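The following is an added example, not Claroty's code, of what that deeper inventory buys you: it matches vendor, model and firmware version against an advisory table and flags cleartext management services seen on the wire. The inventory, the advisory entries and the identifier `EXAMPLE-ADV-001` are constructed for illustration and are not real devices or real vulnerabilities.

```python
"""Use deep asset data (vendor, model, firmware, services) to find exposures.

Added example, not Claroty's code: the inventory, the advisory table and the
advisory identifiers below are constructed for illustration and are not real.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Asset:
    asset_id: str
    asset_class: str            # coarse class, e.g. "PLC" or "HMI"
    vendor: str
    model: str
    firmware: str               # dotted firmware version string
    rack_slot: str              # physical location down to the slot
    services: frozenset         # (port, protocol) pairs observed on the wire


@dataclass(frozen=True)
class Advisory:
    advisory_id: str            # hypothetical identifier, not a real CVE
    vendor: str
    model: str
    fixed_in: str               # first firmware version that is not affected


# Management protocols that carry credentials in cleartext; a finding here
# means "disable it or move it behind an authenticated, encrypted path".
CLEARTEXT_MGMT = {(21, "ftp"), (23, "telnet"), (80, "http")}


def parse_version(v: str) -> tuple:
    """'2.8.1' -> (2, 8, 1). Tuple comparison orders versions numerically,
    which plain string comparison gets wrong ('2.8.1' > '2.10.0' as strings)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """Advisory applies when vendor/model match and firmware predates the fix."""
    return (asset.vendor, asset.model) == (adv.vendor, adv.model) \
        and parse_version(asset.firmware) < parse_version(adv.fixed_in)


def assess(inventory, advisories):
    """Return one finding dict per exposure, in inventory order."""
    findings = []
    for a in inventory:
        for adv in advisories:
            if is_affected(a, adv):
                findings.append({
                    "asset": a.asset_id, "slot": a.rack_slot, "type": "firmware",
                    "detail": f"{adv.advisory_id}: update firmware to >= {adv.fixed_in}",
                })
        for port, proto in sorted(a.services & CLEARTEXT_MGMT):
            findings.append({
                "asset": a.asset_id, "slot": a.rack_slot, "type": "service",
                "detail": f"disable {proto}/{port} or route it via an authenticated gateway",
            })
    return findings


# Constructed inventory: two PLCs of the same model on different firmware,
# exactly the distinction a "model number only" inventory cannot make.
INVENTORY = [
    Asset("plc-mill1-01", "PLC", "ExampleVendor", "X100", "2.8.1", "rack3/slot2",
          frozenset({(502, "modbus"), (23, "telnet")})),
    Asset("plc-mill1-02", "PLC", "ExampleVendor", "X100", "3.0.0", "rack3/slot3",
          frozenset({(502, "modbus")})),
    Asset("hmi-mill1-01", "HMI", "ExampleVendor", "H20", "1.4.0", "rack1/slot1",
          frozenset({(443, "https"), (80, "http")})),
]
ADVISORIES = [
    Advisory("EXAMPLE-ADV-001", "ExampleVendor", "X100", "2.9.0"),
]

if __name__ == "__main__":
    for f in assess(INVENTORY, ADVISORIES):
        print(f"{f['asset']:<14} {f['slot']:<12} {f['type']:<9} {f['detail']}")
```

Only `plc-mill1-01` is flagged for firmware even though both PLCs report the same model, and the telnet finding is tied to a rack slot so whoever walks the floor knows which device to reconfigure.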

Stop Lateral Movement with Network Segmentation

Zero-trust network segmentation architecturally limits communication between enterprise and operational environments, and must be table stakes. It reduces the number of pathways between critical systems available to an attacker and isolates systems to prevent lateral movement in the event of a breach, so that one exploitable vulnerability does not become an enterprise-wide risk. Best practice is to design the architecture to a modern standard (ISA/IEC 62443 zones and conduits are preferred) and then continuously measure for drift: devices and flows that break the segmentation rules.
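Measuring for drift means comparing what is actually observed on the network against the zone-and-conduit policy you designed. The script below is an added example, not Claroty's code; the zone prefixes, the allowed conduits and the flow records are constructed, and the zone/conduit vocabulary is borrowed from ISA/IEC 62443 while the policy itself is illustrative.

```python
"""Measure segmentation drift: flag observed flows that break the zone/conduit
policy. Added example, not Claroty's code; the zone map, the allowed conduits
and the flow records are constructed for illustration.
"""
import ipaddress

# Zone membership by prefix. A host that matches no prefix is "unknown":
# an unmanaged or newly connected device is itself a drift signal.
ZONES = {
    "enterprise": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz":        [ipaddress.ip_network("10.20.0.0/24")],
    "control":    [ipaddress.ip_network("192.168.100.0/24")],
}

# Allowed conduits: (source zone, destination zone) -> permitted destination
# ports. Anything not listed is denied, including enterprise -> control.
CONDUITS = {
    ("enterprise", "dmz"):  {443},    # web front end of the historian
    ("dmz", "control"):     {4840},   # OPC UA pull from the control zone
    ("control", "control"): None,     # None: intra-zone traffic unrestricted
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in n for n in nets):
            return name
    return "unknown"


def check_flow(src: str, dst: str, dport: int):
    """Return None if the flow is allowed by policy, else a reason string."""
    sz, dz = zone_of(src), zone_of(dst)
    if "unknown" in (sz, dz):
        return f"unknown zone: {src} ({sz}) -> {dst} ({dz})"
    if (sz, dz) not in CONDUITS:
        return f"no conduit {sz} -> {dz}"
    allowed = CONDUITS[(sz, dz)]
    if allowed is not None and dport not in allowed:
        return f"port {dport} not permitted on conduit {sz} -> {dz}"
    return None


def drift_report(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port). Returns the violations."""
    report = []
    for src, dst, dport in flows:
        reason = check_flow(src, dst, dport)
        if reason:
            report.append({"src": src, "dst": dst, "dport": dport, "reason": reason})
    return report


# Constructed flow records, as a flow collector or firewall log would summarize them.
FLOWS = [
    ("10.10.5.21", "10.20.0.10", 443),          # workstation -> historian web: allowed
    ("10.20.0.10", "192.168.100.12", 4840),     # historian -> PLC via OPC UA: allowed
    ("192.168.100.30", "192.168.100.12", 502),  # HMI -> PLC inside control zone: allowed
    ("10.10.5.21", "192.168.100.12", 502),      # workstation straight to PLC: no conduit
    ("10.20.0.10", "192.168.100.12", 22),       # historian SSH to PLC: port not in conduit
    ("172.16.9.9", "192.168.100.12", 502),      # device in no defined zone: drift
]

if __name__ == "__main__":
    for v in drift_report(FLOWS):
        print(f"{v['src']:>15} -> {v['dst']:<15} :{v['dport']:<5} {v['reason']}")
```

Fed with real flow exports, the same check turns the architecture diagram into something you can measure every day rather than audit once a year. The "unknown zone" case matters as much as the policy violations: a device that appears in no zone is usually a new or undocumented path into the control network.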

Protect Supply Chains from Cyberattacks

Downstream supply chain impacts ripple quickly. The Mackay Sugar breach affects every business that depends on the mills' output. Sugarcane must be processed on a tight timeline after harvest or the seasonal crop is wasted, so a shutdown delays production and threatens raw materials, economically hurting farmers and harvesters. Sugar is a vital food and beverage ingredient, a base component of some pharmaceuticals, and a feedstock for fuel production. Not only businesses but local economies may suffer.

OT Incident Response and Recovery is not a Push-Button Exercise

Finally, compromised enterprises must recover quickly for all of the business and economic reasons we’ve covered so far. But this is not a push-button exercise. 

Industrial enterprises face challenges not only in remediating the exposures that led to a breach, but also in recovering and restarting impacted production machines. Certain equipment has specific restart requirements that depend on institutional knowledge on premises or on a third-party integrator or contractor.

Secure remote access to the sites can shorten recovery cycles by giving those experts access to impacted systems. But solutions tailor-made for OT and control systems carry specific requirements around auditing and session monitoring, so that least-privilege access and compliance remain intact even under the pressure of recovery. This must be a consideration in breach remediation and recovery.

Tagged with Critical Infrastructure Cybersecurity and Cybersecurity Incidents