A Ransomware attack hit Goa’s flood monitoring system according to the Hindustan Times, which reports that the state government’s water resources department that maintains the data said that all its files have been encrypted and can no longer be accessed.
The data center server in Panaji stores the data of 15 flood monitoring systems on major rivers in the Goa region, as part of disaster management and flood control. Access is unavailable to data relating to batteries and to real time monsoon activity.
“Complex infrastructure, dynamic network landscapes and ever-evolving cyberattacks have been something infosec professionals have been adapting and dealing with since the late 80s, but this is traditionally something that most OT professionals working within ICS environments have not had to really deal with, considering OT systems have historically been offline.
“A large challenge within ICS environments is IT/OT convergence. You’ve got infosec professionals who have been building security measures for decades on IT systems because that has been the main attack surface. However, with OT systems now being networked and communicating with IT systems, such security maturity has yet to be established. Start from the basics! Gather inventory of all your systems (Both IT/OT), patch systems regularly, apply configuration changes as needed based on the security policy, segment network/stations from one another and finally make sure your critical systems require multiple forms of authentication.”