The Trump administration on Friday sanctioned a Russian government research institution it said was responsible for cyberattacks on the critical infrastructure of U.S. allies in the Middle East, the latest in a flurry of warnings this week about threats posed by Russian hackers. The Treasury Department blamed Russia for deploying a powerful malware known as Triton against industrial control systems that plants and factories use to initiate emergency shutdown procedures.
When Nozomi Networks analysed the TRITON malware in 2018, our findings led us to believe that while TRITON failed, the attacker(s) could have just as easily succeeded in injecting the final payload. This realisation, combined with the knowledge that a growing number of nation-state adversaries and other hackers have critical infrastructure in their sights, calls for vigorous defense of our national critical infrastructure.
No single entity can solve this global issue; rather, end users, third-party suppliers, integrators, standards bodies, industry groups and government agencies must work together to help the global manufacturing industry withstand cyberattacks and protect the world’s most critical operations and the people and communities we all serve.
The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly to shore up their defenses with solid cybersecurity programs that deliver, deep visibility and effective cybersecurity that spans OT and IoT networks and devices.
The sanctions are an important step in signaling how seriously we take any malicious cyber activity that poses a threat to human life or safety. And sanctions against a scientific research institute may impact the individuals who developed these tools more than sanctions against the Russian government might. Scientists thrive on their reputation. Accusing them of threatening peoples\’ lives, and impacting their ability to collaborate internationally, may actually impose significant cost.
More broadly, when combined with other recent USG activity calling out Russian cyber activity, including recent indictments and alerts, Russia should be on notice that they cannot act with impunity–or at least not without attribution. The timing may be intended to warn against hacking into election infrastructure, or it may be designed to look tough on Russia for the American electorate, or both.