Cyber Attacks on Water, Gas and What’s Next

Bad actors relentlessly scheme to infiltrate critical, yet often vulnerable, operational technology (OT) and industrial control systems (ICS).The recent ransomware attack on Colonial Pipeline is a stark reminder of that. A successful attack can happen in any industry.

Cyber risk is unique in that it is a man-made peril vs. natural hazard risk, which is more grounded in established science. Cyber risk mutates frequently. By constantly changing their approach, bad actors can achieve their desired results, and find particular success with companies that fail to keep up with the latest technologies and best practices.

That’s why it’s critical to frequently examine potential risks that may expose property, systems, data and equipment to malicious actions locally or via network intrusion.

Questions to ask yourself: Are you prepared? What are some immediate solutions you can take to address the growing threat posed by attacks on OT? How can you influence your leadership to invest in areas to begin building resilience to cyber attacks aimed at OT and ICS? The solutions are not all technical.

Depending on your cyber situation, actions you need to take to defend against an attack may include:

• Separating your information technology (IT) and OT environments with a firewall that only allows traffic in the specific environment. 
• Assessing your business culture and committing to empowering one individual to be responsible for the OT environment and its security
• Building a plan to address legacy software—software that is out of date, is no longer supported by the vendor and does not make security updates available.

FM Global clients are encouraged to complete its online cyber risk assessment now. This straightforward, fact-based tool is uniquely designed to gather threat intelligence and insights at the enterprise level. Our clients will receive a concise cyber risk report that clearly illustrates their individual cyber resilience level and provide prioritized, actionable recommendations for improvement. You’ll know your precise cyber risk posture across three key business areas (Physical Security, Information Security and Industrial Control and Building Automation Systems) against four key areas, including governance, IT security, insider threat management, and response and recovery. In conjunction with our location-level engineering evaluations on physical security and on Industrial Controls Systems that will soon be part of our Boiler and Machinery evaluations, FM Global clients will gain a truly unique and holistic understanding of their cyber exposures. Once we understand the specific cyber risk exposure we will work with you on a mitigation plan that addresses your specific vulnerabilities and what you can do to prepare.

The Colonial Pipeline ransomware attack and the Florida water treatment plant hack are wake-up calls to organizations large and small. The risk from hackers seizing control of an organization’s OT is as serious as the threat of fire, flood and other climate-related hazards. Those who take the threat seriously and adopt a security-minded culture will ensure long-term success.

Download our Cyber Loss Newsletter

Related content:

SolarWinds Supply Chain Attack Advisory

Uncover the Costs of Your Next Cyber Attack

Invisible Attackers Waiting at Your Industrial Systems Gate: Be Wary, Be Prepared, Stay Resilient

Hardwiring Resilience into Your Information Network

Contact an FM Global representative