When implementing cybersecurity measures, IT systems are often the first consideration. Historically, cybercriminals have made IT systems the focus of their attacks in the hopes of hijacking sensitive, private data to hold for ransom or utilise for other nefarious means. Operational technology (OT) systems, on the other hand, have long been considered inherently secure and have received less cybersecurity scrutiny.
Until recently, OT systems, which control industrial, manufacturing and infrastructure systems, were not connected to the internet, which helped shield them from the tremendous volume of cyber threats that have long plagued the IT world. However, with the arrival of Industry 4.0 and the Internet of Things (IoT), the rules have changed.
As OT systems embraced trends in digitalisation and automation, once disparate IT and OT domains have become increasingly linked. While this linkage helps drive efficiency and improve operations in many ways, it also creates more attack openings in OT systems. Unfortunately, cybercriminals are finding and exploiting these openings. McKinsey recently reported that attacks on OT systems have been increasing rapidly since the start of the COVID pandemic, with attacks jumping by 140% between 2020 and 2021. Additionally, a recent study in the U.K. found that 42% of the nation’s manufacturers suffered cyberattacks over a recent 12-month period.
Contributing to the success of these attacks is the fact that OT system operators have not traditionally focused on cybersecurity issues. Unlike IT systems, OT systems are often run by engineers who prioritise goals like physical safety and uptime, relegating cybersecurity to the back burner. However, with the uptick in digitalisation and the implementation of new IoT devices – not to mention the meteoric rise in OT attacks – this approach is clearly no longer viable. Attacks on OT systems have the potential to not only cripple a company financially but also to negatively impact millions of end-users via shutdowns, outages, and threats to public safety. To avoid a potentially devastating attack, today’s OT system operators must prioritise cybersecurity and make cyber protection a lynchpin of their overall business strategy.
Monitor and prioritise
There are a number of steps that organisations can take and best practises to adopt to protect their OT systems. First, a critical step in the fight against cyber risk is to ensure that managers have a holistic view of the OT network – that they are able to see all assets clearly. Effective cybersecurity management requires complete, timely visibility across the entire OT network so that cyber issues can be spotted quickly, no matter where they occur. It’s important to ensure that all updates and additions – whether they result from acquisitions, IoT advancements, or simply organic growth – are visible and immediately added by an always-on asset-monitoring solution.
Additionally, if an attack does occur, it’s critical that managers have the ability to quickly and accurately assess its severity and potential impact. The reality is that most organisations lack the manpower and funding to give every possible risk adequate time and attention. Thus, it is crucial that OT managers have the tools in place to properly prioritise risks, identify which assets are most important to business processes, and adjust their security resources and investments accordingly.
The importance of segmentation
In addition to continuous monitoring and effective prioritisation, one of the most important things OT managers can do is to ensure IT-OT network segmentation. While historically, IT and OT networks operated as two separate environments with distinct purposes, IoT advancements of recent years have changed all that by bringing the two networks closer together, sharing data and access. However, in the process, this has created more overall attack vectors and risks to both networks. There’s no denying that segmenting complex and interconnected networks can be complicated and costly, but it is considered an industry best practise to manage the two networks separately, despite these complications and costs. Indeed, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organisations to segment and separate their networks and functions, as well as minimise any non-critical lateral communications.
Segmentation is effective because it limits the attack surface of each network, making it easier to detect and isolate attacks when they do occur. Cyberattacks have grown in sophistication with more attempts to bridge the two networks by breaching what has become known as the IT-OT “air-gap.” Network segmentation helps close this gap by preventing unauthorised access of one network from the other, thus impeding hackers who attempt to access both networks.
Beyond air-gapping, network segmentation also delivers several other benefits. First, it enables operators to utilise different security measures for each network. Second, it enables easier implementation of security controls over the access of different types of employees and access purposes. Segmentation also focuses OT security management by determining clear ownership and responsibility. Finally, going through the network segmentation process itself often helps uncover unknown or unused devices (assets) that could pose risks that would not have been detected otherwise.
It should be noted, however, that in order for segmentation to work as advertised, networks must be well-maintained with identity-based access controls in place. The standard use of static username and password combinations doesn’t provide the protection required in today’s OT environment and should be upgraded to more modern access controls immediately.
Yet another access-oriented security measure that companies should take falls on the less technical side of the spectrum. With more people working remotely, many organisations have expanded network access to a growing number of employees. So, it should come as no surprise that limiting access as much as possible to select groups of personnel is a key step in maintaining security. This includes restricting both physical and electronic access, putting tight controls in place for and system modifications, and updating security controls across all legacy equipment.
Keeping operations moving
Lastly, as touched upon earlier, a top priority for OT operators is always to ensure continuity of service. With potentially millions of end users depending on a given OT system for crucial amenities and services – like water, electricity, transportation, and more – the importance of reliable, uninterrupted service cannot be overstated. Since it is practically impossible to prevent all cyber breaches, OT cybersecurity measures must be able to preserve as much operational functionality as possible, even when subjected to an attack. This requirement must be incorporated into any OT cybersecurity strategy.
Cybersecurity as strategy
Times have changed for OT system operators. Advances in digitalisation and the rise of IoT and Industry 4.0 have helped drive more productive, efficient systems, but they have also brought about new vulnerabilities and exposed OT systems to the threat of cyberattacks. Combatting these threats is doable, but it requires a culture change among OT system operators. Cybersecurity can no longer be an afterthought. Instead, it must be prioritised and made a central component of overall business strategy to protect against potentially devastating attacks. With the right cybersecurity strategy in place, organisations can reap the benefits of industrial digitalisation without suffering cyber setbacks.
Article by Ilan Barda, CEO, Radiflow
Comment on this article below or via Twitter: @IoTNow_
