
A RISK ASSESSMENT FOR RANSOMWARE PREVENTION IN OPERATIONAL TECHNOLOGY (OT) ENVIRONMENTS

Ransomware became the primary attack vector for many industrial organizations during 2021. Incidents like Colonial Pipeline, Honeywell, and JB Foods showed the world that even when industrial control systems are not specifically the target, ransomware attacks on enterprise IT systems that are integrated with operational technology (OT) cause major disruptions. This paper considers a novel approach to conducting a risk assessment in such environments to produce a quantifiable value representing an organization’s risk exposure.

Ransomware not only renders file systems unusable; it can also halt processes, stop production, disrupt distribution, cost millions of dollars, and cause weeks-long headaches for victims. By dumping data to dedicated leak sites, ransomware gangs can release intellectual property and personally identifiable information (PII). The techniques vary, but they share a common theme: accessing the infrastructure through known vulnerabilities. Once adversaries achieve initial access, they execute other programs to gain a foothold in critical enterprise IT systems and can move laterally to OT systems. Victims must pay the ransom to regain access to their file systems and regain control of the processes that use those file systems. Victims must decide the best course of action for their organization.

Best practices and better “cyber hygiene” have proven ineffective against the blended approaches ransomware adversaries employ. The research in this paper explores a solution to securing environments that is rooted in complex systems analysis and advanced mathematics, presented in a way that stakeholders can use immediately. In this approach we avoid much of the differential calculus that underpins it, to make this paper easier to read and digest across a wide variety of industries.
