Real-world implications of cybersecurity incidents are escalating. The recent ransomware attack that raided the networks of the Brazil-based meat processing giant JBS has demonstrated how severely security slip-ups in the area of operational technology (OT) can affect businesses and numerous people who rely on specific products and services.
With that said, digital transformation appears to be a double-edged sword. While playing a major role in industrial evolution, it provides threat actors with more entry points to access organizations’ digital networks, and hence physical assets. With the enterprise ecosystem heavily relying on IT systems to maintain day-to-day production and supply chain activities, the stakes are high and so is the importance of protecting the technology at the core of these workflows.
What Is Reshaping the OT Threat Landscape?
In their early days, industrial control systems (ICS) and supervisory control and acquisition (SCADA) systems were virtually beyond the reach of cyber crooks because they were isolated from the rest of a company’s IT infrastructure and the public Internet. Things have changed over time. Nowadays, organizations hinge on continuous data exchange between business management systems and IT tools geared toward production oversight.
The deep integration of these segments within a single network turns the average enterprise architecture into a miniature Internet of Things (IoT) with multiple intertwined devices and plenty of potential points of failure. As a result, a cyber-attack like the above-mentioned JBS incident or last month’s Colonial Pipeline hack allows perpetrators to move laterally inside the network and disrupt different tiers of the production cycle through data encryption or some other form of sabotage.
When a massive IT system undergoes an emergency shutdown, its normal functioning cannot be resumed by simply turning a “magic switch” back on. In addition to restoring its elements from a backup, the company may have to reinstall the impacted device firmware, re-establish interaction with retailers and managed service providers (MSPs), dispose of waste materials, and suffer financial losses getting a stable production workflow back on track.
Things get worse if a breach leads to technological hazards entailing personnel injuries or environmental damage. This is a likely outcome of cyber-incursions against SCADA systems used by objects of critical infrastructure.
Blunders That Play into Criminals’ Hands
Despite today’s unprecedented risks that may lead to harsh consequences down the road, many organizations continue to be low-hanging fruit because they neglect the fundamentals of security hygiene. For instance, some are still running obsolete operating system versions such as Windows 7, Windows XP, and even Windows 98. These platforms don’t get security patches and are susceptible to easy compromise via public exploits that piggyback on known vulnerabilities.
Another roadblock is that cybersecurity best practices like penetration testing, incident response planning, as well as the use of intrusion detection and prevention systems are mostly the prerogative of the “white collar” part of organizations. Phishing also remains a huge problem. Malefactors use social media, people search servicesand other available resources to collect information about employees to prepare targeted emails. Meanwhile, safeguarding the IT components of the production cycle remains a low-priority task.
Operators of growingly sophisticated machines used in the manufacturing process may have a shallow understanding of how security works. Some of them don’t bother changing the default passwords for web-based equipment management consoles and routinely postpone critical software updates, only to expose the systems to malware attacks and other types of exploitation.
OT Security Done Right
The positive aspect of protecting industrial networks against malicious interference is that the amount of data traveling between OT devices is lower than the traffic generated by traditional IT systems. This makes it easier for organizations to monitor activity at the level of production endpoints and detect unauthorized changes. This process is multi-pronged and spans the following components:
- OT asset inventory. To gain visibility into their operational technology environment, companies need to stay abreast of the equipment in use. This could be difficult if the manufacturing facilities are scattered geographically, but it’s undoubtedly worth the effort. Dedicated personnel should keep such an inventory up to date by adding details that uniquely identify each device, including the model, serial number, firmware version, the latest firmware update, and the department using it.
- Network segmentation. Since the OT ecosystem must interoperate with the IT network to ensure seamless business activity, these components cannot be physically separated from each other as they used to be. This convergence might pave cybercriminals’ way towards accessing vulnerable OT assets via IT system loopholes.
Network segmentation is a decent trade-off between the complete isolation of industrial powers and their unrestricted interaction with the rest of the enterprise network. Companies can enforce protocols that specify access controls throughout their OT segments and prevent certain types of traffic from reaching the production environment.
- Comprehensive OT threat prevention. The security posture of some organizations is still focused on protecting the office-level infrastructure, and this needs to change. It’s time to extend cybersecurity practices to the operational technology area and integrate all the defenses to build an overarching security monitoring and incident response system.
An OT asset inventory will allow InfoSec teams to quickly address security flaws in device firmware and remediate the damage caused by malicious actors. Solutions worth deploying that fit the OT context include behavioral analysis tools, anti-malware, and access control systems such as video surveillance and biometric identification.
OT security is a continuous process that requires coordinated efforts of IT security staff and device technicians. Some organizations aren’t yet mature enough to take up the challenge on their own. Thankfully, trusted one-stop tools such as Nuvolo OT Security can facilitate the protection by identifying threats and enabling device remediation through automated workflows.
It’s high time corporate decision-makers aligned their mindset with the need for safeguarding operational technology to the same extent as they protect traditional digital assets. Bridging this gap is a key prerequisite for resilience in the face of today’s hybrid cyber-attacks.