How safe is your SCADA from ransomware?

Following the recent widespread cyber-attack by the WannaCry ransomware, we recommend that all operators of Windows PC-based Industrial Control Systems (ICS) urgently review and patch their systems.

In the same way that many NHS systems were affected as a result of operating out-of-date systems, it is likely that most ICS are highly vulnerable to this particular attack.

The WannaCry infection encrypts all the data on affected computers and then demands a ransom payment to unlock the files. It spread using a security flaw in the Windows operating system. The good news is that Microsoft issued a patch called MS17-010 two months ago. The bad news is that this patch probably hasn’t been applied to the vast majority of computers that are part of industrial control systems. Even worse, some computers that form part of industrial control systems are likely to be running very old versions of Windows that may not be able to be patched.

Many operators of ICS rely on the concept of an ‘air gap’ as their principal cyber security measure. The idea is that the ICS is not connected to corporate networks or the Internet, and so is immune from hacking or infection by malware. However, in reality the ‘air gap’ is only partial and ICS are rarely completely isolated from outside computer systems. To give an example, engineers routinely connect their laptop computers to the ICS to carry out programming and maintenance tasks. These same laptops are also routinely connected to corporate networks and the Internet. You can see how this can carry an infection from ‘the outside world’ onto an ‘isolated’ ICS network.

Recommended urgent actions:

  • Identify all computers in your ICS that are running a Windows operating system.
  • Apply the MS17-010 security patch (and any other missing security patches) to computers running Windows versions new enough to be patched with MS17-010.
  • Unless they are critical to your ongoing operations, immediately shut down any machines running older versions of Windows that cannot be patched with MS17-010 until they can be upgraded to secure versions of Windows.
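
The three actions above can be run as a triage pass over an asset inventory export. The following is an added example, not code from Cougar Automation: the CSV columns, host names and action labels are hypothetical, and the split between patchable and too-old Windows releases is an assumption based on Microsoft's MS17-010 bulletin as first published.

```python
import csv
import io
import re

# Assumption: releases listed in Microsoft's MS17-010 bulletin as first published
# (March 2017). Check current Microsoft guidance before relying on this split.
PATCHABLE = re.compile(r"vista|windows 7\b|windows 8\.1|windows 10\b|server (2008|2012|2016)")
TOO_OLD = re.compile(r"\bxp\b|windows 2000|server 2003|windows 8(?!\.1)")

# Constructed inventory export; hosts and column names are hypothetical.
SAMPLE_CSV = """host,os,ms17_010,critical
HMI-01,Microsoft Windows 7 Professional,no,yes
HIST-01,Windows Server 2008 R2 Standard,yes,yes
ENG-LAPTOP-3,Windows 10 Pro,unknown,no
OPC-02,Windows XP SP3,no,no
BATCH-01,Windows Server 2003,no,yes
PLC-GW,VxWorks,n/a,yes
PANEL-07,,unknown,no
"""

def triage(row):
    """Return the recommended action for one inventory row."""
    os_name = (row.get("os") or "").strip().lower()
    if not os_name:
        return "IDENTIFY_OS"              # step 1 is incomplete for this asset
    if "windows" not in os_name:
        return "NOT_IN_SCOPE"
    if PATCHABLE.search(os_name):
        # Only an explicit "yes" counts as patched; "unknown" is treated as missing.
        installed = (row.get("ms17_010") or "").strip().lower() == "yes"
        return "PATCHED" if installed else "APPLY_MS17_010"
    if TOO_OLD.search(os_name):
        critical = (row.get("critical") or "").strip().lower() == "yes"
        return "KEEP_RUNNING_PLAN_UPGRADE" if critical else "SHUT_DOWN_UNTIL_UPGRADED"
    return "VERIFY_WINDOWS_VERSION"       # unrecognised Windows string: check by hand

def triage_inventory(csv_text):
    """Map host -> action for every row of a CSV inventory export."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_CSV).items():
        print(f"{host:14} {action}")
```

Engineering laptops that connect to the ICS belong in the same inventory, since they cross the ‘air gap’ described above.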

While these actions will protect against this specific threat, and increase security in general, it is vital that all operators of ICS put in place systems to ensure ongoing security against the wide range of evolving threats faced by all computer systems.

If you need help with taking urgent actions to counter the WannaCry threat, or if you would like to discuss improving your cyber security system in general, please get in touch with us as soon as possible. Cougar Automation have invested heavily in cyber security so that we can help you maximise the security of your ICS.