If there’s one thing every operator, plant manager and OT expert knows, it’s that downtime is never an option. While no company likes to have its IT systems and data on lockdown, there can be devastating consequences for an OT attack that shuts down production for mission-critical industries.
1) Jeopardizing human safety
Arguably the most important and devasting consequence of an OT attack is compromised human safety.
Attacks on industrial control systems (ICS) are not always centered on accessing confidential information or making financial gains with ransomware. A rising number of bad actors and state-sponsored attacks are focused on exploiting OT assets and machines to do something that they’re not intended to do.
Take the attack on Ukraine’s power grid as an example. BlackEnergy attempted to perform harmful remote operations on circuit breakers via remote administration tools or Virtual Private Network (VPN) connections. The power outages caused by the attack disrupted Ukrainian utilities, affecting many customers. Although no casualties were reported, the situation could have caused health problems for those needing electronic medical equipment.
2) Losing revenue
This might be the most obvious, but if your factory, plant, or substation is shut down, the organization is losing significant money by the minute. The downtime from a ransomware attack is about 21 days on average, and that’s dependent on how well an organization sets up disaster recovery efforts.
In one instance, a manufacturer was shut down in an entire region and lost millions in revenue. Ask yourself and your leadership team, can you afford to be shut down for 21 days?
3) Paying ransomware costs
When ransomware hits, your organization is forced to rely on backed-up information and configurations (assuming this was proactively done) and/or pay the ransom to recover data and restart production.
Does your OT environment have a sufficient knowledge base and backup data? This is especially tricky for OT as many systems are often running for 10+ years with little institutional knowledge available to recover from ransomware.
Keep in mind that even if an organization pays the ransom, it rarely gets 100% of the data back.
4) Purchasing new OT equipment
Take a look at how much your PLCs, HMIs, SCADA, and other OT assets cost. These unique, highly specialized devices can cost hundreds of millions of dollars. And that’s for one device. Image having a situation where you need to replace multiple infected machines to regain production.
That’s an extremely expensive recovery strategy!
5) Increasing your labor costs
Not only is the company no longer making money, but it now must pay the ransom and additional labor costs for remediating the threat and installing new protections. Many companies also hire consultants or service providers to manage their incident response.
While an attack may spread in seconds, it takes a village to detect, respond and recover.
6) Damaging your reputation
As news gets out about the attack, there is a cost to an organization’s public reputation. Some lose trust from a customer base that not only took years to build up but will now take years to recoup.
Also consider that most companies impacted by an attack see their share and stock prices drop. While a company’s reputation and economic loss can be recovered over time, it’s another jab to the open wound at a difficult, expensive time.
Taking proactive measures
When evaluating your cyber defenses, look at solutions designed for OT that understand the specific protocols and desired output of these machines to prevent any alterations, malicious reconfigurations, and misuse of the OT assets.
Be cautious about simply bringing your IT cybersecurity solutions over into your OT environment. While they are important for your IT infrastructure, the security requirements are very different for OT. Find complementary solutions that focus on an OT Zero Trust approach that protects your assets while keeping the operation running.