Much of the initial discourse around the SolarWinds cyberattack focused on its impact on the affected information technology (IT) systems. However, this overlooks an equally destructive yet unexamined operational technology (OT) portion of the attack, and much of the OT impact may not be seen for months or longer.
As Microsoft’s CEO pointed out, what’s been seen so far is only the “first phase” of the attack that targeted IT systems in the government and companies large and small. While disconnecting the SolarWinds Orion system from one’s IT system may mitigate some of the damage, it neglects the possibility that potentially destructive malware could easily have been planted on OT systems as well. And the impact of OT breaches can be more significant than mere IT penetration; OT consists of systems that affect the physical world.
SolarWinds Orion is a popular network management system with a base of up to 18,000 customers and an indefinite number of sites. Users include not only governments and end users but also equipment suppliers, which could significantly expand the scope of the attack. This large base of users, many of whom have mission-critical sites, made it an ideal target for a cyberattack by Russian operatives.