Responding to this report, Andrea Carcano, Founder and Chief Product Officer of Nozomi Networks, commented:
“Targeting engineers with access to control systems with phishing messages is pretty straightforward and, if successful, could be extremely damaging. In tandem, while air-gapping offered a degree of protection, the way our nuclear plants, and any infrastructure for that matter, are maintained today means this practice is defunct.
“We often see engineers ‘plugging’ in their own devices to perform diagnostic checks. Should that person’s device have been compromised, this action could unleash malware directly into the heart of each component being checked, which then crawls and burrows deeper into the infrastructure.
“You have to assume that all parts of critical infrastructure are being probed for vulnerabilities 24 by 7 from a risk management point of view. While Information Technology (IT) and Operation Technology (OT) that control the electric grid systems and other critical infrastructure are separated, there have been increasing connections.
“Risk management is an ongoing process. Up-to-date patching and the use of artificial intelligence and machine learning to immediately identify suspicious network communications and incidents help to harden the security that guards industrial control systems.”