What is OT — and what does it do for you?
- September 2, 2020
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Automotive Security, Cyber Crime, Cyberattack, Hacking, Industrial Control System Security, Power Grid, Railway Security
You’ve heard of IT — information technology.
But what about OT?
It stands for operational technology, or operations technology, and it runs your world.
But it’s also potentially vulnerable to cyberattacks — and cyber destruction.
Old School vs. New School
Back in the day, you hit the gas pedal and it moved a cable. You tapped the brakes and it moved a lever.
Now, for some cars, it’s digital. You may use the same pedals and tools, but they send an electronic signal instead. More and more cars are computers using operational technology.
Instead of moving just data, OT moves things.
You depend on it at gas stations, traffic lights, ATMs, the doctor’s or dentist’s office, in elevators, and for your smart thermostat. Factories use OT to produce your food and things, utilities use it to bring you water, power plants use it for your electricity.
It’s part of your critical infrastructure. But OT without protection can be vulnerable to cyberattacks.
Why Is It Vulnerable?
At first, people were more worried about physical attacks on OT than cyberattacks. Now attackers are aware they may be able to hack in and do physical damage.
For example, in 2015 and 2016, a nation state hacked the grid and shut off electricity in Ukraine in the middle of winter.
In 2008, a 14-year-old boy built his own remote that controlled city trams in Poland, derailing four cars and injuring 12 people.
And in an infamous case in Australia in 2000, an unhappy former worker caused sewage to spill out into the parks and river in a town called Maroochy Shire.
How Do They Get In?
In some cases, attackers use spear phishing, where they target someone, send an email with malware and wait for that person to click.
Also, you might plug in a malicious USB or download a malicious show or game onto a work computer.
Sometimes attackers get in through security gaps or vulnerabilities in software or machines.
They can jump from corporate, or IT, computers to OT computers — if the networks aren’t separated properly — and get access to valuable OT treasures.
Also, employees or third-party companies sometimes connect OT to the Internet unprotected, often for convenience. For example, they prefer to work online rather than drive out to work on the system.
They may think attackers won’t find the connection. But there are actually search engines just for finding exposed OT.
It’s not a free-for-all for attackers, however.
Companies using OT usually take extra steps to protect it from cyber invaders.
Attackers need to have a lot of knowledge to break into and manipulate OT.
And nation states are aware that if they do too much damage, they face retaliation of the same kind, even war.
But it’s a constant battle for defenders to keep these machines running attacker-free.
You really don’t want to find out that someone else is controlling the wheel. Or the power plant.
Main image: Buttons to start an appliance that uses OT. Image: FotoDuets/iStock