Are Your OT Systems Protected?
According to a Stats Canada Survey, Canada’s energy companies are twice as likely to experience cyber-attacks compared to other industries. Taking into account the sheer number of malicious actions across thousands of organizations, it is incomprehensible for humans alone to handle. Through the use of a sophisticated cyber-defence technology built by Darktrace that leverages Self-Learning AI, and machine response time triggered at the earliest stages of attacks, companies can neutralize threats before damage is done to their IT and now interdependent OT systems. Attend our virtual 30-minute, informative seminar on September 23, at 12 pm MST to learn more.
Article Written By Darktrace
Cyber Threats to Canada’s Energy Sector and Critical Infrastructure
The Colonial Pipeline ransomware incident demonstrated the potential for cyber-attacks against the critical infrastructure to significantly disrupt a nation’s economy and broader society. Though this incident happened in the US, Canada is far from immune to these threats.
In fact, recent records found that cyber-attacks target Canada’s energy companies at nearly double the rate of other industries, with 39% of respondents from the sector reporting that they were impacted by an incident in 2019, according to a Statistics Canada survey.
The Communications Security Establishment (CSE) also released its public Annual Report in August. The report noted that CSE’s Cyber Centre aided in response to 2,206 incidents affecting the Government of Canada or critical infrastructure partners, including 85 cases affecting Canada’s health sector. According to the report, CSE’s dynamic defence capability routinely blocks between 2 and 7 billion malicious actions a day against Government of Canada networks and systems, ranging up to 10 billion on a busy day.
Billions of malicious actions across thousands of organizations are too much for humans to handle alone—especially so considering the ongoing cyber skills gap that plagues Canada along with the global cyber workforce. Considering this, a sophisticated defensive technology is needed that can both step in for overstressed teams and augment existing human capabilities.
Self-Learning AI for Unified Protection of IT and OT
In August, the Canadian Minister of Natural Resources announced $407,000 in funding to support the research and development of “a cyber security system to protect Canada’s critical energy infrastructure” which will “detect compromised parts and devices.” While this effort is admirable, there is no need to reinvent the wheel.
Sophisticated technologies are readily available to detect cyber-threats at their earliest stages and respond at machine speeds to neutralize threats before they can do damage. Indeed, Darktrace’s Self-Learning AI technology was first deployed at Drax power station—one of the UK’s leading energy suppliers—and continues to provide autonomous defence for the world’s most complex and sensitive critical infrastructure.
Critical infrastructure today involves a complex set of interdependencies between information technology (IT) and operational technology (OT). As the Colonial Pipeline incident demonstrated, cyber-attacks disrupting OT do not need to directly target or even reach OT systems. In this incident, the ransomware compromised IT networks, such that the organization manually shut down OT systems out of an abundance of caution.
Gone are the days when air gaps can keep OT systems separated from IT networks, and so safeguarded from attacks. IT-OT convergence and IT-OT interdependence are inevitable aspects of modern industrial operations, whether intentional or unintentional. Moreover, the industrial internet of things (IIoT) is bringing connected technologies straight onto the factory floor. All these factors multiply the attack surface exponentially. Specialized approached to securing OT in isolation simply will not provide meaningful coverage of industrial environments.
This highlights the need for unified protection of IT and OT in a single platform to properly defend critical infrastructure and the energy sector. Fortunately, Darktrace’s Self-Learning AI technology can be deployed both in enterprise environments and industrial environments with equal efficacy. Moreover, its Enterprise and Industrial Immune Systems work in tandem to provide visibility throughout the entire cyber ecosystem, illuminating all points of IT-OT convergence and interdependence, and thwarting threats in IT before they can even spread to OT.
How Self-Learning AI Stopped Ransomware Targeting an Oil Refinery
At an integrated oil refiner and supplier, Darktrace’s Industrial Immune System was crucial in stopping a ransomware attack that originated in the corporate network before it could disrupt mission-critical OT systems.
Its Self-Learning AI identified the first signs of a ransomware infection in a desktop device on the network. As well as writing its own ransom note files, the device made a series of connections to rare external destinations via an internal proxy server and then downloading potentially malicious files – activities that Darktrace could detect and correlate based on its granular knowledge of ‘self’ for the business.
The device proceeded to make numerous SMB directory queries, more activity that Self-Learning AI recognized as deviant based on its understanding of the device, which was followed by the download of malicious files. Darktrace’s Immune System flagged this activity and highlighted it as likely ransomware, alerting the customer’s security team before the infection was able to spread into the OT environment.
With Self-Learning AI’s ability to connect patterns from across diverse infrastructure, the Oil Refinery’s industrial system was defended from this machine-speed attack. Darktrace accordingly played a crucial role in safeguarding operations for this critical infrastructure organization, avoiding large-scale disruption to the economy and society.
Are Your OT Systems Protected?
Join David Masson, Darktrace Director of Enterprise Security and Mark Perry, Cadeon Director of Project Delivery & Inside Sales, on Thursday, Sept 23rd at 11am PDT I 2pm EDT, as we uncover the rapidly emerging security challenges facing industrial environments & cyber-physical ecosystems. In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains. as we uncover the rapidly emerging security challenges facing industrial environments & cyber-physical ecosystems. In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.
Cadeon – Your One-Stop Solution For All Your Company's Protection And Data Needs
At Cadeon, we care about our clients’ business needs from Data Visualisation to Cyber Security, which is why we have partnered with the best in the industry to provide first-class services. Our Partnerships with Darktrace, TIBCO and Microsoft, just to name a few, allow us to give 360 degree customized data-driven solutions and support to each of our customers. Take Cadeon’s 10K Challenge today or to find out more, contact us at (403) 475-2494 or fill out our online contact form.
