Limiting ICS Impacts from IT-focused Incidents

The industrial cybersecurity community, including WaterISAC, continues to emphasize the larger threat to ICS emanates from IT versus OT-centric cyber threats. To further address this issue, ICS cyber forensic firm Dragos posted Implications of IT Ransomware for ICS Environments. Dragos discusses the importance in identifying the propagation methods of IT-based malware, like WannaCry, NotPetya, and LockerGoga in order to more effectively prevent inadvertent impact to ICS operations. The post highlights how spreading mechanisms have weaponized normal business processes, such as SMB and Active Directory resulting in disruptive impact in environments that were otherwise reasonably isolated from enterprise IT. Furthermore, organizations need to identify the attack surface industrial operations exposed to infection through IT-enabled ICS environments. Regardless of the ransomware du jour, the specific threat remains IT-centric, and will likely remain that way for the foreseeable future. Read the post at Dragos