Hydro cyber attack – comment from cyber security director

Commenting, Tom Kranz, Head of Cyber Lab at 6point6 :
“Having switched to manual operations, it would appear at this stage to be an IoT attack that has gone for their control equipment. Yet while we often discuss IoT attacks in terms of botnets, the cyber attack on Norsk Hydro throws into sharp relief that we do not put enough focus on the supply chain disruption that can be caused. In this case, not just aluminium smelting, but the construction of actual components for wider industry has been shut down. With the global push towards “Just in Time” manufacturing and more efficient mass-production processes, an IoT attack of this scale against a single company has the potential to have a disruptive and harmful impact to multiple industries on a worldwide scale.
Machines and devices across the Industrial Internet of Things (IIoT) network need to be treated in the same way as any other untrusted, insecure device; namely as a segregated network, with ingress and egress filtering and monitoring. There should be no direct access to the general Internet, and indirect access must use encryption with a high level of logging and monitoring to mitigate risks of cyber attack. As IIoT devices have such simple communications and data flows, configuring SIEM and TVM solutions to keep closer scrutiny on the IIoT segregated network and it’s data flows is also essential. Security must be front and centre, especially when it comes to inter-reliant industries and production lines.”