Barrier Networks CTO Ryan McConechy responds to reports that Slovenia’s biggest power provider has suffered a cyberattack. Reportedly, the attacks locked some of the country’s systems and data but left operations unaffected.
According to the report, the attack is considered one of the biggest such incidents in Slovenia’s history. Apart from IT and cyber security experts, the national intelligence agency SOVA and the Defence Ministry’s security and intelligence service are looking into the background of the incident.
Slovenia has seen quite a few cyber attacks in recent years, most recently against the Foreign Ministry earlier this year, in an attack that media reported had been executed by Chinese hackers who were only interested in documents related to China and Slovenia’s policies on China.
The Defence Ministry and the police were targeted in a hacking attack in September 2022, but the ministry’s system was not breached and only a few police computers were infected.
Barrier Networks CTO Ryan McConechy comments: “When critical national infrastructure organisations suffer a cyberattack, there is a strong possibility they will disconnect the services they provide into society, which can have devastating effects on citizens.
In 2015, a cyberattack on a power supplier in Ukraine caused electrical blackouts across the country, while in 2021, a cyberattack against Colonial Pipeline caused fuel shortages across the US. Both these incidents have demonstrated the very physical consequences of cyberattacks, so it is fortunate that HSE seems to have escaped without any fallout on operations.
While the communications from HSE state that the attack has not compromised operations, data does appear to be encrypted, so the organisation will need to investigate this as a priority. With the data potentially in the hands of Rhysida, this could be sold on and used by nation state adversaries to harm Slovenia.
Today, many critical national infrastructure organisations have moved away from manual operations, taking advantage of digital to improve the safety and efficiency of plants. But this introduction of automation has made these critical organisations more vulnerable to cyberattack. As a result, security must be rolled out in tandem with modernisation.
The biggest challenge for industrial organisations is visibility across their entire network, which often leads to blind spots that are exploited by criminals. You can’t protect what you can’t see, so tackling this issue is the number one priority. This means OT and security teams must have an inventory of all connected devices within the network and ensure they have visibility across all of these assets. Once they have this inventory, they must carry out security assessments to identify and mitigate any vulnerabilities that exist. Once industrial organisations have visibility across their assets and have implemented segmentation, they must then run a regular security programme where they monitor for threats, run scheduled patch updates and practise incident response training to help minimise risks.”