In an increasingly unstable world, attacks on critical infrastructure are becoming more frequent. Since the outbreak of the war in Ukraine, three wind power companies have been subjected to cyberattacks. This underlines how important it is for critical infrastructure companies to put adequate cybersecurity solutions in place, especially now that cyberattacks are used as a method of warfare.
Lack of security in wind turbines
2022 has so far been a year in which many energy companies, especially wind power companies, have been exposed to cyberattacks. At the end of March, the company Nordex was hit by a cyberattack in which remote control of 5,000 wind turbines was shut down. Enercon was also affected by an attack in which remote control over 5,800 wind turbines was knocked out.
In April 2022, Deutsche Windtechnik was also subjected to a targeted, professional cyberattack. The IT systems were infected with malware and had to be shut down. The company could not use the systems that control the wind turbines remotely; only after one to two days could the systems be used again.
Vestas data leakage
In November 2021, the Danish wind turbine maker Vestas was the victim of a ransomware attack. The attack led to the company shutting down parts of its IT systems to stop the compromise from spreading. Fortunately, turbine operations could continue; otherwise, the costs would have been even higher.
However, it was later disclosed that information had been stolen during the attack, about 7000 documents. Some of the stolen data was published and contained personal data such as names and addresses, but also bank details and social security numbers.
So the largest effect of this ransomware attack was that stolen data was published. Even if you manage to get your IT systems up and running again after an attack, the attackers may already have stolen or altered data. It is not uncommon for threat actors to demand a ransom in return for not publishing the information online, so recovering from backups alone does not end the incident.
Secure remote access
For companies in critical infrastructure and energy, remote access is of the utmost importance – for example for the systems that control wind turbines.
Remote access can be made secure by using RDP and placing a dedicated security solution in front of the internal system. Advenica's ZoneGuard for RDP is such a solution. The user's PC establishes an RDP connection to ZoneGuard, not to the target system. The user is authenticated, and the solution ensures that the connection is made only to an approved target system and only at a permitted time.
ZoneGuard then ensures that only screen view data may pass from the target system to the user, and that only keystrokes and mouse movements are transferred in the other direction. Further restrictions can be set, for example that only certain keystroke combinations are permitted. No other information is permitted to pass, which eliminates the risks that come with general network connectivity, such as misconfigured systems or their software being reachable from the remote side. It also prevents the remote PC's peripheral devices, such as drives and clipboards, from being redirected to the target system, which would otherwise have increased the risk.
Using RDP and protecting communication with ZoneGuard achieves both security and functionality:
- Only authorised users can use the connection at permitted times.
- The connection can only be made to the systems intended.
- No risk of transfer of malicious code at network level.
- No exposure to peripheral devices.
- Traceability: who did what, and when.
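The access control and input filtering described above, as an added example that is not ZoneGuard's code or Advenica's implementation: the policy table, user and target names, time windows and blocked key combinations are all constructed for the illustration. A session is admitted only for an authenticated user, to an approved target, inside a permitted window; once open, only keystrokes and mouse movements are forwarded, a blocklist drops dangerous key combinations, every other channel is refused, and every decision is written to an audit trail that answers "who did what, and when".

```python
"""Access-policy checks modelled on an RDP security gateway.

Added, stand-alone illustration (not ZoneGuard code). POLICY, the
users, targets and BLOCKED_COMBOS are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, time

# Constructed policy: approved targets, permitted weekdays (0 = Monday), permitted hours.
POLICY = {
    "alice": {"targets": {"scada-wt-01"}, "days": {0, 1, 2, 3, 4}, "hours": (time(7), time(18))},
    "bob": {"targets": {"scada-wt-01", "scada-wt-02"}, "days": set(range(7)), "hours": (time(0), time(23, 59))},
}

# Key combinations that must never reach the target system (constructed list).
BLOCKED_COMBOS = {frozenset({"ctrl", "alt", "del"}), frozenset({"win", "r"})}

# Audit trail shared by all sessions: (time, user, target, decision, detail).
AUDIT = []


def authorize(user: str, target: str, when: datetime, authenticated: bool):
    """Return (allowed, reason). Authentication itself is assumed to happen upstream."""
    if not authenticated:
        return False, "authentication failed"
    rule = POLICY.get(user)
    if rule is None:
        return False, "unknown user"
    if target not in rule["targets"]:
        return False, "target not approved for user"
    if when.weekday() not in rule["days"]:
        return False, "outside permitted days"
    start, end = rule["hours"]
    if not start <= when.time() <= end:
        return False, "outside permitted hours"
    return True, "ok"


@dataclass
class Session:
    user: str
    target: str
    audit: list = field(default_factory=lambda: AUDIT)

    def log(self, when: datetime, decision: str, detail: str) -> None:
        self.audit.append((when.isoformat(timespec="seconds"), self.user, self.target, decision, detail))

    def filter_input(self, when: datetime, event: dict) -> bool:
        """Forward only keystrokes and mouse movements towards the target; drop everything else."""
        kind = event.get("kind")
        if kind == "mouse":
            self.log(when, "forward", f"mouse {event.get('x')},{event.get('y')}")
            return True
        if kind == "key":
            combo = frozenset(k.lower() for k in event.get("keys", ()))
            name = "+".join(sorted(combo))
            if combo in BLOCKED_COMBOS:
                self.log(when, "drop", f"blocked key combination {name}")
                return False
            self.log(when, "forward", f"keys {name}")
            return True
        # Clipboard, drive or printer redirection and any other channel is never forwarded.
        self.log(when, "drop", f"unsupported channel {kind!r}")
        return False


def open_session(user: str, target: str, when: datetime, authenticated: bool):
    """Run the admission checks; returns a Session, or None after logging the refusal."""
    allowed, reason = authorize(user, target, when, authenticated)
    AUDIT.append((when.isoformat(timespec="seconds"), user, target, "admit" if allowed else "deny", reason))
    return Session(user, target) if allowed else None
```

The point of the split between `authorize` and `filter_input` is that the two checks run at different times: admission is decided once, per connection, while the input filter runs on every event for the life of the session, so a permitted user still cannot send a blocked combination or open a side channel after being admitted.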
Separating IT and OT into different segments prevents vulnerabilities or disruption in IT from affecting OT. To avoid risks caused by mistakes in configuration or function, physical segmentation (zoning) should be used, which means that separate hardware is used for IT and OT rather than logical separation on shared equipment.
The most secure way to connect an integrity-sensitive data network to other systems is to use data diodes. Every data flow out of OT that can be handled by a data diode gets a much simpler security analysis, because the one-way property is enforced physically and is therefore easy to analyse; or, more precisely, because the diode has such high assurance.
For data flows for which data diodes are not suitable, you can instead use systems that secure the information flow, such as ZoneGuard. To prevent malicious code from entering and affecting the process, it is important to have strict separation between, and monitoring of, all data flows across the zone border. The most secure method is strict control over the information that is permitted to cross the border: for example, by not letting transport protocols pass the zone border, and only forwarding validated information content, you avoid entirely many of the risks that you would otherwise face.
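The two properties described in the last two paragraphs, as an added example that is not Advenica's code: a one-way link has no return path, so the receiver can never acknowledge or request a retransmission, and the sender's only reliability mechanism is to number, hash and repeat each frame; and no transport protocol crosses the border, only self-describing telemetry records that the inner-zone side re-validates against a strict allowlist schema before accepting them. The frame format, the schema, the sample export and the loss pattern are all constructed for the illustration; `simulate` stands in for the physical link.

```python
"""One-way zone-border transfer with receiver-side content validation.

Added, stand-alone illustration (not Advenica code). Frame format, schema,
SAMPLE_EXPORT and the loss pattern are constructed for the example.
"""
import hashlib
import json
import struct
from typing import Optional

MAGIC = b"DIO1"                  # constructed frame marker
HEADER = struct.Struct(">II")    # sequence number, total frame count
DIGEST_LEN = 8
REDUNDANCY = 3                   # copies of each frame (assumed setting)
SCHEMA = {"turbine": str, "ts": int, "power_kw": float}   # the only content allowed across


def make_frames(payload: bytes, chunk: int = 32) -> list:
    """Split the payload into numbered, hashed frames."""
    chunks = [payload[i:i + chunk] for i in range(0, len(payload), chunk)] or [b""]
    return [MAGIC + HEADER.pack(seq, len(chunks)) + hashlib.sha256(data).digest()[:DIGEST_LEN] + data
            for seq, data in enumerate(chunks)]


def send_repeated(frames: list, redundancy: int = REDUNDANCY) -> list:
    """No return channel means no retransmission on request; repeat whole passes instead,
    so the copies of one frame are spaced apart and a short loss burst hits at most one."""
    wire = []
    for _ in range(redundancy):
        wire.extend(frames)
    return wire


class DiodeReceiver:
    """Inner-zone side: verifies frames, tolerates duplicates, never replies."""

    def __init__(self) -> None:
        self.chunks = {}
        self.total: Optional[int] = None
        self.rejected = 0

    def accept(self, frame: bytes) -> None:
        hdr = len(MAGIC) + HEADER.size + DIGEST_LEN
        if len(frame) < hdr or not frame.startswith(MAGIC):
            self.rejected += 1
            return
        seq, total = HEADER.unpack(frame[len(MAGIC):len(MAGIC) + HEADER.size])
        digest, data = frame[hdr - DIGEST_LEN:hdr], frame[hdr:]
        if hashlib.sha256(data).digest()[:DIGEST_LEN] != digest:
            self.rejected += 1           # corrupted in transit: discard, there is nobody to ask
            return
        if self.total is None:
            self.total = total
        if total != self.total or seq >= total:
            self.rejected += 1
            return
        self.chunks.setdefault(seq, data)   # duplicates are expected and harmless

    def missing(self) -> list:
        return [s for s in range(self.total or 0) if s not in self.chunks]

    def assemble(self) -> Optional[bytes]:
        if self.total is None or self.missing():
            return None
        return b"".join(self.chunks[s] for s in range(self.total))


def validate_record(obj) -> bool:
    """Allowlist check: exactly the schema keys, expected types (bool is not int), sane ranges."""
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        return False
    if any(isinstance(obj[k], bool) or not isinstance(obj[k], t) for k, t in SCHEMA.items()):
        return False
    return obj["turbine"].isalnum() and obj["ts"] > 0 and 0.0 <= obj["power_kw"] <= 20000.0


def import_records(payload: Optional[bytes]) -> list:
    """Parse reassembled JSON lines; anything not matching the schema is dropped, never forwarded."""
    kept = []
    for line in (payload or b"").splitlines():
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if validate_record(obj):
            kept.append(obj)
    return kept


def simulate(payload: bytes, drop_every: int, redundancy: int = REDUNDANCY) -> DiodeReceiver:
    """Push the frames over a lossy one-way link that loses every drop_every-th frame."""
    rx = DiodeReceiver()
    for i, frame in enumerate(send_repeated(make_frames(payload), redundancy)):
        if drop_every and i % drop_every == 0:
            continue                     # simulated loss
        rx.accept(frame)
    return rx


# Constructed OT export: two conformant records, one carrying a smuggled command field,
# and one line that is not JSON at all.
SAMPLE_EXPORT = b"\n".join([
    b'{"turbine": "WT01", "ts": 1650000000, "power_kw": 2450.5}',
    b'{"turbine": "WT02", "ts": 1650000000, "power_kw": 0.0}',
    b'{"turbine": "WT03", "ts": 1650000000, "power_kw": 10.0, "cmd": "stop"}',
    b"not json at all",
])
```

Two things to take from running it: repetition only protects against loss that is uncorrelated with the repetition schedule (losing every n-th frame when there are n frames per pass removes every copy of frame 0, and the receiver can only report the gap, not recover it), and the schema check is what makes "no transport protocol crosses the border" meaningful, since the record with the extra `cmd` field is silently dropped on the inner side rather than interpreted.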