We can add “OT systems” to the list of what could be compromised by the SolarWinds cyberattack, and the impact may not be seen for months, according to an article in national security blog Lawfare. “OT” stands for operational technology, defined by the writers as “systems that effect the physical world.” This would include power supplies and power distribution units.
SolarWinds has thousands of customers, including major companies and government sites, to whom it provides software used to manage complex networks. Although SolarWinds says it has reverse-engineered the hack and cannot confirm its source, it’s been widely reported to have come from Russia. According to the Lawfare article, Russia has proven to be adept at control system cyberattacks, notably in Ukraine. There it’s said not only to have shut down much of the power grid in 2015, but also, for some time, to have thwarted operators’ attempts at a workaround.
“OT devices,” say the Lawfare writers, “have largely been overlooked or simply ignored when it comes to network security.”