Cloud Hosting

As usual, financial gain is the biggest motivation behind cyber hacks against operational technology. About 80% of OT environments were nailed by ransomware scams last year. Etay Maor, senior director of security strategy for Cato Networks, discusses how aging technology, infrequent patching made difficult by work stoppages, and limited security resources make OT systems vulnerable, and how organizations could mitigate these challenges.

Much has changed for operational technology (OT) in the past decade. The rising demand for improved connectivity of systems, faster maintenance of equipment and better insights into utilization of resources has given rise to internet-enabled OT systems, which include industrial control systems (ICS) and others such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), remote terminal units (RTUs), and programmable logic controllers (PLCs).

With everything becoming internet-facing and cloud-managed, the manufacturing and critical infrastructure sector (i.e., healthcare, pharma, chemicals, power generation, oil production, transportation, defense, mining, food and agriculture) are becoming exposed to threats that may be more profound than data breaches. Gartner believes that by 2025 threat actors will weaponize OT environments to successfully harm or kill humans.

See More: Recovering From a Cybersecurity Earthquake: 4 Lessons Companies Must Learn

According to SANS research, there are four key reasons why cyber criminals attack OT and Industrial Control Systems (ICS) environments: Ransomware or financial crimes; state-sponsored attacks that cause wide-scale disruption like NotPetya (credited for causing massive collateral damage and the worlds first power blackouts); attacks by non-state attackers for terrorism or hacktivism (e.g., Oldsmar, FL water treatment facility hack) and attacks on devices and things that cannot protect themselves. Financial crime is the biggest driver, with 80% of OT environments experiencing a ransomware attack last year.

A number of reasons make OT/ICS environments vulnerable:

We need to fundamentally change our thinking in terms of how we build these systems and whether or not they should be so readily accessible. Here are best practices that can help:

Legacy cybersecurity approaches are predicated around protecting technology, but this approach becomes irrelevant with internet-facing OT. This can be easily demonstrated with the Purdue model, where historically, information flows from level zero to level one to level two and back. It did not have to flow through a network but through machines connected to networks. Security teams have to lock these machines down to secure their infrastructure. Today, with the proliferation of ethernet on the manufacturing floor, any level can communicate with the external world; hence, this approach has become obsolete. Enterprises must instead follow a micro-segmentation approach where security can be layered on each functional area within the process to contain any attack.

With more and more ICS networks embracing the benefits of the cloud, the perimeter is no longer the defensible position it once was. Studies show that Level 3 of the Purdue Model (which processes data from the cloud or higher-level business systems) is affected by the most number of vulnerabilities. Moreover, the rise of remote work and the growing use of remote administration applications like VNC (virtual network connection) and RDP (remote desktop protocol) requires a strong identity access management solution that does not extend too much trust to authorized users. Leveraging SASE (secure access service edge), which converges SD-WAN (software-defined wide area networking) and SSE (security service edge) into a global cloud service, is one-way enterprises can manage, control and monitor the connectivity of data centers, branches and edges and implement a never trust, always verify approach.

Industrial security is a team sport. You need vast experience and knowledge so many different disciplines: chemical engineering, process engineering, mechanical engineering, electrical engineering, human psychology, cybersecurity, industrial networking, traditional networking and cloud services. Since most threat actors tend to live off the land before they reveal themselves, it is important for security teams to have a pulse on not just cyber variables but also process variables and physical variables like temperature, pressure flow, movement, time, etc.

Employees, vendors, partners, asset owners, engineering teams and operators are jointly needed to mitigate potential threats and deliver effective incident response effectively.

Industrial environments must always be safe, secure, and operational. Safety should be treated as one of the most foundational elements alongside availability, integrity, and confidentiality.

How are you protecting your OT environment? Share with us on Facebook, Twitter, and LinkedIn. Wed love to know!

See the article here:
Why OT Environments Are Getting Attacked And What Organizations Can Do About It - Spiceworks News and Insights