Thursday, February 2, 2023

Multiple Ransomware Attacks on Artillery Contractors

The Defense Armaments Agency announced today that production of 155mm artillery shells at Blackshear Arsenal in Georgia has been halted for two weeks due to multiple ransomware attacks on subcontractors that supply parts for the high-tech munitions that are being consumed in high numbers in Ukraine. “We are unable to obtain component parts for the fuses and attitude control systems because various manufacturers have had production interruptions due to cyberattacks on manufacturing facilities,” Samuel C Robinson, spokesperson for the Agency, told reporters this morning.

The Federal Bureau of Inquiry is the lead agency in the investigation because the facilities are not directly contracted by the Department of Defense. According to Johnathan Quest, FBI spokesperson, the companies involved provide parts to component manufacturers that supply the Blackshear Arsenal. “In most cases, the initial set of attacks were being investigated by State and local authorities as routine ransomware attacks,” Quest explained.

According to General Turgidson, Director of the National Critical Infrastructure Security Operations Center (CI-SOC), which is supporting the investigation, it was not until Blackshear reported supply interruptions at multiple contractors that national-level interest was focused on the investigation. “For the most part, these are small businesses using highly-automated manufacturing systems to provide small volume, high-tech components for these ammunition components,” Turgidson explained.

“It looked like these were simply ransomware attacks on random organizations when we first started receiving reports from our suppliers,” Blackshear spokesperson George Forno told reporters. “When we started receiving reports of damaged control systems after ransoms were paid, it became apparent that this was something more organized.”

“We are still not convinced that this is a centrally directed effort,” Quest responded. The FBI has isolated four different ransomware programs associated with known criminal groups from Russia, North Korea, Iran and Nigeria.

CI-SOC has determined that there are some indicators that an unknown actor is providing corporate access data to known ransomware groups. “While most of these small businesses do not have significant cyber defenses due to a lack of cybersecurity personnel, at least two of the facilities have been supported by the CI-SOC,” Turgidson explained. “Access to those systems took a level of sophistication not normally associated with criminal organizations.”

A technician at CI-SOC who is not authorized to talk to the press has told me that a number of cybersecurity and industrial control system companies are working closely with CI-SOC, the FBI and the affected facilities in a coordinated effort to get them back online. Turgidson confirmed that this is an all-hands effort. “We cannot afford to allow production at Blackshear to remain idle while our allies in Ukraine are preparing for an expected Russian offensive. They need these 155mm shells.”

CAUTIONARY NOTE: This is a future news story –
