One of the largest and most profitable automakers in the world was forced to shut down a production plant due to a major IT incident. According to a report by international news agency Reuters, the suspension of manufacturing operations took place on June 19 at the Sayama plant, located near Tokyo, after information security staff were alerted to the presence of the WannaCry ransomware worm in the factory’s computer network.
WannaCry is the name given to a ransomware attack that crippled the operations of transportation and public health systems in the United Kingdom, Brazil, Singapore, Russia, and a few other countries in May 2017. The fast spread of WannaCry was made possible by a Windows exploit developed by the United States National Security Agency and stolen by a shadowy cybercrime group. After the exploit was leaked to the public for the purpose of embarrassing the NSA, another group used it to spread the WannaCry ransomware attack.
Although shutting down the Sayama factory was a temporary precaution that did not affect Honda’s bottom line, it is worth mentioning that automakers such as Nissan and Renault took similar measures weeks before when the initial WannaCry wave was reported.
Loss Mitigation Through Incident Management
Being able to recover from major IT incidents such as the WannaCry attack requires effective management. There is only so much that can be done in terms of prevention; in this particular case, no one could have foreseen that a cyber weapon developed by the NSA would fall into the wrong hands.
Proper management of the incident response lifecycle is essential to minimize the impact on business processes. The response cycle starts with being able to get a complete view of all network events and how they are being impacted. The next step is to send out alerts and route them to the right expert. Collaboration should be established at this point, while stakeholders are kept informed.
The Honda WannaCry incident was not catastrophic because IT security staff had already reviewed the post-mortem reports issued by the entities affected weeks before. Security analysts who discussed news reports about the Honda incident commented that a patch to protect against EternalBlue, the name given to the stolen NSA exploit, had been available since March.
It goes without saying that it is very difficult to fully protect and patch major networks such as Honda’s against each and every known threat. In the case of EternalBlue and other leaked NSA weapons of cyber warfare, Microsoft chose to release patches in a very quiet manner. Some analysts believe that NSA officials talked Microsoft into not sounding the alarm for the purpose of diminishing the embarrassment of the intelligence agency.
In the end, it can be said that proper incident management can be as important as keeping a network as safe as possible. Vulnerabilities and exploits are discovered on a daily basis; as such, there will always be a likelihood of networks falling victim to new threats.