The SolarWinds Hack Can Directly Affect Control Systems

Much of the initial discourse around the SolarWinds cyberattack focused on its impact on the affected information technology (IT) systems. However, this overlooks an equally destructive yet unexamined operational technology (OT) portion of the attack, and much of the OT impact may not be seen for months or longer.

As Microsoft’s CEO pointed out, what’s been seen so far is only the “first phase” of the attack that targeted IT systems in the government and companies large and small. While disconnecting the SolarWinds Orion system from one’s IT system may mitigate some of the damage, it neglects the possibility that potentially destructive malware could easily have been planted on OT systems as well. And the impact of OT breaches can be more significant than mere IT penetration; OT consists of systems that affect the physical world.

SolarWinds Orion is a popular network management system with a base of up to 18,000 customers and an indefinite number of sites. Users include not only governments and end users but also equipment suppliers, which could significantly expand the scope of the attack. This large base of users, many of whom have mission-critical sites, made it an ideal target for a cyberattack by Russian operatives.

Read more at Lawfare

(Visited 155 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Go to Top
X