A US gas pipeline operator was infected by malware—your questions answered
Tuesday’s news that a ransomware infection shut down a US pipeline operator for two days has generated no shortage of questions, not to mention a near-endless stream of tweets.
Some observers and armchair incident responders consider the event to be extremely serious. That’s because the debilitating malware spread from the unnamed company’s IT network—where email, accounting and other business is conducted—to the company’s operational technology, or OT, network, which automatically monitors and controls critical operations carried out by physical equipment that can create catastrophic accidents when things go wrong.
Others said the reaction to the incident was overblown. They noted that, per the advisory issued on Tuesday, the threat actor never obtained the ability to control or manipulate operations, that the plant never lost control of its operations, and that facility engineers deliberately shut down operations in a controlled manner. This latter group also cited evidence that the infection of the plant’s industrial control systems, or ICS, network appeared to be unintentional on the part of the attackers.