Norsk Hydro has been applauded for how it handled its public relations, with daily updates on its progress in restoring operations. But had it not done so, the attack could have inflicted significant reputational damage and loss of confidence in the brand, for which the costs can be much higher – and take longer to recover from.
The company said it became the victim of an extensive cyber-attack in the early hours of Tuesday, March 19, 2019, impacting operations in several of the company's business areas. Norsk Hydro is a global supplier of aluminium, involved in the production of primary aluminium, rolled and extruded products, and recycling; it also extracts bauxite, refines alumina, and generates energy serving more than 30,000 customers across the value chain.
While the attack didn’t appear to be a direct breach of its manufacturing plant networks, production was affected at several of its plants because they could not connect to the networks, which had to be shut down to contain the virus that triggered the attack.
Many industry executives have given their thoughts on the cause and implications of the attack, which is thought to have been caused by the LockerGoga ransomware.
Tim Mackey, a senior technical evangelist at Synopsys, is reported to have said in various online publications: “This attack provides a lesson in the value of both network segmentation and ensuring that threat models are created, assuming the threat comes from an internal source. With increasingly sophisticated attacks, organizations must assume attackers could compromise internal systems as easily as they might attempt to breach a firewall into a production system.”
Others commented on how simple it was to bring down production networks globally, and how any point of attack can impact an entire supply chain.
Norsk Hydro was able to identify, recover and remediate. But few companies are ready for the moment their devices are compromised, which is why it’s vital to be prepared for a breach.
For suppliers of connected devices for Industry 4.0, it’s important to educate the end-customer on vulnerabilities and how to deal with them, to help contain failures resulting from attacks even if the devices are part of a multi-vendor system, and to enable the delivery of timely security updates to remediate after an attack.