Sure, the software has been heavily hit by cybercrime, and we have all seen the news: huge hacking jobs on social media companies, sensitive data stolen for sale, and so on. But did you know that a cyber attack on the technology of a power plant can shut the whole system down? Learn the dangers OT systems face, and how they can be prevented.
Online crime has been on the rise, and that’s why cybersecurity is so important, especially after the pandemic — with everybody, including companies, going remote, malicious actors found a new playground for disruption and money-making. But that’s not the only thing to worry about, anymore.
When you hear the expression, “working remotely”, what’s the first thing that comes to mind regarding security? Probably IT (information technology), which are the underlying systems on which most people work when doing so from their computers. This includes mostly software for anything, really, from writing to storing information, data processing to programming, and so on.
The increase in the number of people using the online world — not only for work, but also to shop, connect, trade, and so many other things — is an obvious luring factor for malicious acting, be it to steal money, or sensitive information from companies and individuals.
OT systems: what are they?
There is, however, an area that cybersecurity experts might’ve been overlooking: OT systems. Operational Technology refers to the underlying computing systems that, putting it very simply, make machines run. They are used in power plants, water treatment centers, oil and gas companies, and many other places to make things run.
While IT systems are designed to manage and process data, supporting business operations, communications, and decision-making processes, OTs are used to monitor and control physical processes, machinery, and industrial operations. They are usually in industrial settings such as machine and control rooms and are made of programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and sensors and actuators. The main difference between ITs and OTs is that the first is data-centric (important to keep the integrity, and availability of information), and the second is operation-centric, crucial for the maintenance and real-time operation of actual machines and systems.
The convergence of both technologies is a hot topic right now, especially with the rise of the Internet of Things (IoT), where IT is combined with physical objects (like homeware machines, fitness-tracking watches and bracelets, and home security systems). You can now schedule your house cleaning through an app on your phone that’s connected to your vacuum. What a wonderful world, right? However wonderful this may sound, the world of IoTs is also susceptible to crime. Let’s say you have a home security system that besides being connected to a security company, is also linked to your phone. Hackers can disengage the system by hacking into your mobile device and rob your home without you even noticing. Sounds alarming, right?
Dangers Laying in OT Systems
If the OT systems of these places shut down, it can compromise entire operations, leaving towns without water, electricity, or communications. There are still manual protocols in place for when they are eventually needed, but everything runs mostly on dedicated software, some of it remote. Hackers seem to have come to the same conclusion we did before: there are no strong security measures in place for some of these structures, which means they’re more easily “hackable” and corruptible. And there’s proof: just this year, Wisdiam reported dozens of attacks on water treatment centers and the telco sector all over the world, including the US, the UK, Australia, Spain, and Portugal. While some of them were classified as data breaches, others were intended to compromise the physical systems, and successfully. In March 2024, the hack on four Ukraine telecommunications providers left users without service for over a week. Earlier, in January, water and wastewater centers in four Texan cities were hit by a major attack that although controlled in time, ended with the overflow of one of the tanks.
It’s only natural to assume that hackers will become increasingly perceptive in finding new ways to hack into IT and OT systems. Compromising information technology can have some grave impacts, but they’re not necessarily physical. If the OT of a power plant is seriously compromised, it can leave thousands without electricity and heat. Most of the reported attacks were thankfully reverted thanks to manual protocols, but as technology advances and companies invest more and more in it, things might not always work for the best.
Preventing OT Attacks
There’s no magic pill to prevent cyber attacks, but there are things that people dealing with OTs can do to mitigate the risk. IT/OT convergence is very beneficial in some areas, but it demands more caution, as attacks can be perpetrated through the IT system to affect the OT.
Integritee is the most scalable, privacy-enabling network with a Parachain on Kusama and Polkadot. Our SDK solution combines the security and trust of Polkadot, the scalability of second-layer Sidechains, and the confidentiality of Trusted Execution Environments (TEE), special-purpose hardware based on Intel Software Guard Extensions (SGX) technology inside which computations run securely, confidentially, and verifiably.
Community & Social Media:
Join Integritee on Discord | Telegram | Twitter | Medium | Youtube | LinkedIn | Website
Products:
L2 Sidechains | Trusted Off-chain Workers | Teeracle | Attesteer | Securitee | Incognitee
Integritee Network:
Governance | Explorer | Mainnet | Github
Common European Data Spaces: Fostering Data Innovation & Collaboration in the EU
How Biometric Data Collection Can Be Dangerous — Even When Built With Blockchain
Hyperautomation: The Power of Blending AI, Blockchain, and RPA
For the Greater Good: Using Blockchain for Social Change
Bug Bounty Programs: How Outsourcing Can Help Your Project
DePINs: Harnessing the Power of Connectivity to Build Real-World Applications
MiCA & Other Crypto-Related Regulations: Striking the Right Balance
DEXs on Polkadot: Leveraging the Power of Substrate & Shared Security
Slot Auctions vs Coretime: What’s Changing for Polkadot Projects
DEXs: The What, The Why & The How of Decentralized Exchanges
The Potential of Tokenizing Assets: From Houses to Private Equity & Whisky
Embracing Unpredictability: The Role of Randomness in Blockchain
Uncovering Blockchain Consensus Mechanisms: Proof-of-Stake, Proof-of-Work & Beyond
Decoding CBDCs: Advantages & Challenges in the Digital Monetary Landscape
Unleashing Scalability and Speed: The Importance of Layer 2 Blockchain Solutions
Bear With Us: Blockchain Technology is Still Relevant, Even when Crypto Declines
The Imperative for Privacy in Blockchain: TEEs & Privacy-Preserving Software
How Blockchain is Benefiting Numerous Industries: From Sustainability to Brand Quality Control
KYC in Web3: How DiD is Saving the Day for Projects & Companies
Blockchain in Aerospace: Reducing Costs & Enhancing Efficiency
DAOs: How Fair can Decision-Making be and Why is Private Voting Essential?
Web3 Bounties: Rewarding Developers with Tokens
Digital Twins: Increasing Efficiency Without Compromising Privacy
AI and Blockchain: The Combo of the Future
L2 in Blockchain: TEE Sidechains vs ZK Rollups