
Author name: Sharath Acharya

Sharath Acharya, Technical Presales Director and Evangelist for Sectrio, is also a Certified Cyber Crime Intervention Officer with NSD. Sharath has been actively involved in devising critical infrastructure protection strategies that rely on in-depth threat research, deception, and deflection strategies to deceive hackers and malware. Having been on the front lines of cyber-securing infrastructure, Sharath has seen cyber attacks and defense tactics at close quarters.


OT Security Challenges and Solutions

OT Security: though the term sounds familiar, global SRM leaders are yet to develop robust OT security solutions for protecting OT networks. Sectrio’s IoT and OT CISO Peer Survey 2022 highlights that close to 90% of CISOs reported one major cyber incident in the last 12 months. Most respondents stated that operations were halted for over four days, incurring losses of over $2.5 million. The stats mirror the current situation. As if this were not enough, here is another wake-up call: according to a survey, over 30% of critical infrastructure organizations will likely be victims of OT attacks and threats by 2025.

Many point fingers at the rapid digitization of the technologies that propel critical infrastructure. Along the same lines, we cannot ignore the underspending when it comes to establishing and realizing OT security. It took countless ransomware attacks, data breaches, and cybersecurity attacks to make us recognize the need for cybersecurity, and this transition happened over a decade. Cyber-attacks on IT systems primarily affected individuals, firms, and government organizations. It will not be the same in the case of an OT attack: a nation’s security would be at stake in a large-scale OT attack.

Despite an ever-growing list of OT security vendors, many companies still choose not to opt for OT security solutions, either because of budget constraints or because they fail to acknowledge the consequences of an OT attack. More worrying is that over 80% of CISOs believe their supply chains are vulnerable to cyber-attacks and OT security attacks. Cyber-attacks on OT networks are an ever-growing concern in the industry. One can minimize exposure to such attacks by following protocols and identifying commonly experienced OT security challenges. This approach will help a CISO and the company’s C-suite understand their needs while talking to various OT security vendors.
Top 10 OT Security Challenges and Solutions

Digitization may have exposed OT networks to more frequent and sophisticated cyber-attacks, but there are other reasons one needs to understand to address the problem. Subscribing to a random OT security solutions suite may not protect an OT network entirely. Evaluating the security posture of an OT network beforehand helps in understanding the kind of security solutions needed.

Before addressing the common OT security challenges an OT network might face, it is essential to understand the difference between challenges and threats. Challenges are adversities that one can address using available resources. Threats are adversities that require additional resources, or that highlight the lack of resources in a specific domain. The following are the most common OT security challenges on an OT network. To keep you less worried, we have also listed solutions that can help you handle these challenges.

1. Attrition of Network Architecture

Most OT networks in existence today were designed in the early ’90s and built into the late ’90s, with a few in the early 2000s. The security of an OT network works on the design philosophy of isolation: complete separation from other networks. This technique ensured default protection of an OT network, irrespective of the advancement of IT-related threats. OT networks were often guarded by strict protocols at their respective sites, eliminating most threats.

Decades-old OT networks need continuous maintenance and installation of upgrades. Rather than periodic and broad-scale upgrades, most manufacturing plants opt for ad-hoc upgrades. This pattern can lead to a gradual attrition of security. Most OT networks’ security architecture follows the Purdue Model of Control Hierarchy, a six-layered, well-defined security protocol. Security erodes with time, and one can attribute this to ad-hoc updates and to changes made to machinery without considering the impact at a broader level.
Adding to this, the adoption of wireless communication has further worsened the security woes. Even with robust OT security solutions in place, these vulnerabilities put the OT network at risk in its entirety.

Solution: Managers at manufacturing plants should plan a complete assessment of the OT network’s security posture ahead of scheduled updates. It is better to replace obsolete components on the network with new ones than to opt for ad-hoc updates. Trying to extend the lifespan of outdated components through patching and ad-hoc updates weakens the security posture. The cybersecurity team must understand the broad impact of any update before installing it on any device. No one should override the Purdue Model of Control Hierarchy or the established set of security protocols to facilitate the installation of a device on the network. As we speak, OT and IT networks are being consolidated into one giant, complex network. Enterprises should have a comprehensive suite of OT security solutions, preferably from multiple OT security vendors.

2. Obsolete Machinery and Legacy OS

Obsolete machinery and legacy operating systems add more weight to a weakening OT network. While obsolete machinery is directly responsible for low productivity, it is solely responsible for ‘incompatibility’ across various systems. Given that every vendor’s software and protocols are proprietary, compatibility across components from different vendors is impossible. Adding to this are the ever-growing cybersecurity concerns. Despite the availability of many OT security vendors, securing obsolete machinery running on a legacy OS is impossible. The history of vulnerabilities in Windows XP and Windows 7 is well covered. With Microsoft having discontinued support for these operating systems, enterprises are left bare in cyberspace, waiting for an attack to occur. These archaic machines and systems do not support modern-day security protocols and leave no room for flexibility and scalability.
A system crash on this infrastructure results in data loss and a recovery time of hours. If a component fails, the downtime runs into days and even weeks, given the scarce availability of spare parts. High maintenance costs further hit the margins. Knowing that data is the oil of the 21st century, these obsolete machines and legacy OS systems cannot make the most of it. The utilization of data is what decides fortunes in the present and the future. Many enterprises fail to comply with statutory and other regulations by


How to implement micro segmentation in an OT environment

Micro segmentation is a proven security strategy that works by dividing a network into much smaller and more secure segments. This helps limit the spread of a cyberattack in case of a breach, thereby containing the event and its implications. Micro segmentation involves creating security zones around individual devices, applications, or services within an OT network, thereby isolating them from other parts of the network. At its heart, micro segmentation is security via access denial. In an OT environment, micro segmentation can be used to secure critical infrastructure systems including power plants, water treatment facilities, and manufacturing plants.

4 key benefits of having micro segmentation in an OT environment

1. Enhanced security
Micro segmentation significantly improves security by shrinking the attack surface. In a worst-case scenario where an attacker manages to breach one segment, they face additional barriers to gaining access to other segments. Thus the mobility of a hacker or malware is significantly limited.

2. Improved operational efficiency
By segmenting network traffic and limiting broadcast domains, micro segmentation can lead to improved network performance and reduced congestion. It ensures dedicated bandwidth and resources for critical OT resources, thereby optimizing their performance.

3. Compliance
Micro segmentation enables security teams to deploy security policies at a granular level. This improves their ability to comply with standards such as IEC 62443 and NERC CIP. By segregating sensitive systems and data, organizations can more easily demonstrate compliance and meet audit requirements.

4. Adaptability and scalability
Micro segmentation offers flexibility in adapting to and managing evolving network architectures. When new devices or services are added, they can be assigned to appropriate segments, ensuring a secure, dynamic, and scalable network infrastructure.
Planning for implementing micro segmentation in an OT environment

Implementing micro segmentation in an OT environment requires careful planning, network awareness and visibility, and a thorough understanding of the operational requirements. To begin with, complete a thorough assessment of your OT environment, inventorize all your OT assets, and segregate them based on criticality. Follow these steps once the OT asset inventorization is complete.

1. Understand the OT architecture
Understand the interdependencies and communication patterns of all key systems and map them.

2. Define segmentation policies
Using the initial assessment, determine the segmentation policies and access controls needed for each segment. Consider factors such as security requirements, operational needs, compliance mandates, and any network or asset restrictions. Define rules for communication within and between segments to ensure a smooth flow of data. The policies should be defined so as to improve network visibility and efficiency while minimizing any scope for latency.

3. Design network segments
Conceptualize a network segmentation plan that aligns with your segmentation policies and overall goals. Determine the boundaries and scope of each segment, factoring in network topology, physical and logical separation, and traffic flow requirements.

4. Implement access controls
Deploy access control mechanisms including firewalls, switches, routers, and security appliances to enforce the segmentation policies defined in the earlier step. Configure the rules and policies to control traffic flow and restrict communication based on the principle of least privilege, in line with Zero Trust.

5. Establish adequate controls for monitoring and visibility
Implement network monitoring and visibility tools to gain an in-depth view of network traffic, segment interactions, and potential security incidents.
This helps in identifying anomalies, detecting unauthorized communication attempts, preventing breach attempts, and ensuring ongoing compliance.

6. Test often and validate
Conduct thorough testing and validation of the implemented micro segmentation strategy frequently. Verify that the intended segmentation is working as per the defined goals and principles without disrupting any critical or non-critical operations. Conduct penetration testing to discover any vulnerabilities or misconfigurations that could impair the gains from micro segmentation.

7. Deploy segmentation controls
Deploy the micro segmentation controls gradually, starting from less critical segments and moving towards the more critical ones to minimize any disruption. This approach will enable fine-tuning and adjustment of controls and rollout based on real-world operational scenarios.

8. Train staff and improve security sensitivity
Run training and awareness programs for the OT and IT personnel involved in managing and operating the segmented network. Ensure that they understand the purpose, goals, benefits, and proper use of micro segmentation. Train them on incident response and handling procedures specific to segmented environments.

9. Monitor, maintain, and update
Continuously monitor all network segments, review access control policies, and update them as needed. Regularly assess the effectiveness of micro segmentation controls and adapt them to evolving threats and operational changes.

10. Regular auditing and compliance checks
Conduct regular, calendarized audits to assess the compliance of the micro segmentation implementation with relevant industry standards and regulations. Address any identified gaps or non-compliance issues promptly.

There are many ways to deploy micro segmentation in an OT environment, taking into account factors such as goals, size of operations, security needs, and compliance mandates.
One approach is to use network segmentation devices such as firewalls and switches as per the predefined segmentation architecture. Organizations can also use software-defined networking (SDN) technology for micro segmentation. SDN can be used to create virtualized networks, which can then be segmented and controlled far more easily.

The best path to micro segmentation

The best approach for implementing micro segmentation in an OT environment will almost certainly depend on the specific needs of the organization and the security team involved. Depending on the maturity of security practices, OT micro segmentation can be fine-tuned so that the whole adds up to more than the sum of its parts. Micro segmentation is most certainly a valuable security strategy and tactic that can help protect critical infrastructure systems and improve your security posture.
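Steps 2, 4 and 9 above come down to one recurring check: does every flow seen on the wire match an allow-listed conduit between segments, and are there conduits that nothing ever uses? The following added example (not Sectrio's code, not from the original post) runs that check over constructed flow records; the zone names, IP addresses, asset names and ports are all assumptions made for the illustration.

```python
"""Zone-and-conduit check for observed OT flows (constructed example, not
Sectrio's code): assets sit in Purdue-style zones, conduits between zones are
allow-listed, and every other flow is denied (least privilege)."""
import re
from dataclasses import dataclass

# Hypothetical asset inventory from the assessment step: IP -> (name, zone).
INVENTORY = {
    "10.0.1.10": ("PLC-boiler-1", "L1-control"),
    "10.0.1.11": ("PLC-pump-2", "L1-control"),
    "10.0.2.20": ("HMI-boiler", "L2-supervisory"),
    "10.0.3.30": ("historian", "L3-operations"),
    "10.0.4.40": ("erp-app", "L4-enterprise"),
}

# Segmentation policy: allowed conduits as (src zone, dst zone, proto, dport).
# Anything not listed, including traffic between two assets in the same zone,
# is denied; that default deny is what makes this micro segmentation.
CONDUITS = {
    ("L2-supervisory", "L1-control", "tcp", 502),      # HMI polls PLCs (Modbus/TCP)
    ("L3-operations", "L2-supervisory", "tcp", 4840),  # historian reads OPC UA
    ("L4-enterprise", "L3-operations", "tcp", 443),    # ERP pulls reports (HTTPS)
}

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

# Constructed flow records, as a span-port collector might export them.
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z src=10.0.2.20 dst=10.0.1.10 proto=tcp dport=502",
    "2024-05-01T10:00:02Z src=10.0.4.40 dst=10.0.1.11 proto=tcp dport=502",
    "2024-05-01T10:00:03Z src=10.0.1.10 dst=10.0.1.11 proto=tcp dport=502",
    "2024-05-01T10:00:04Z src=192.168.50.5 dst=10.0.3.30 proto=tcp dport=22",
    "2024-05-01T10:00:05Z src=10.0.3.30 dst=10.0.2.20 proto=tcp dport=4840",
]

@dataclass(frozen=True)
class Finding:
    kind: str       # "allowed", "denied" or "unknown-asset"
    src: str
    dst: str
    conduit: tuple  # (src zone, dst zone, proto, dport); () if an asset is unknown
    detail: str

def evaluate_flow(line):
    """Classify one flow record against the inventory and the conduit policy."""
    m = FLOW_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable flow record: {line!r}")
    src, dst, proto, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
    src_asset, dst_asset = INVENTORY.get(src), INVENTORY.get(dst)
    if src_asset is None or dst_asset is None:
        # A peer missing from the inventory is itself a finding (rogue device or inventory gap).
        return Finding("unknown-asset", src, dst, (), "endpoint not in inventory")
    key = (src_asset[1], dst_asset[1], proto, dport)
    detail = f"{src_asset[0]} ({key[0]}) -> {dst_asset[0]} ({key[1]}) {proto}/{dport}"
    if key in CONDUITS:
        return Finding("allowed", src, dst, key, detail)
    return Finding("denied", src, dst, key, detail + ": no conduit defined")

def audit(flow_lines):
    """Return all findings plus conduits never exercised (candidates to remove)."""
    findings = [evaluate_flow(line) for line in flow_lines]
    used = {f.conduit for f in findings if f.kind == "allowed"}
    return findings, CONDUITS - used
```

In the sample, the ERP host talking straight to a PLC and one PLC talking to another are both denied, the unknown 192.168.50.5 peer is flagged for inventory follow-up, and the never-used ERP-to-historian conduit is reported so the policy review in step 9 can tighten it.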



Why IoT Security is Important for Today’s Networks?

IoT is the acronym for Internet of Things. With each ticking second, our lives are becoming more intertwined with digital gadgets and spaces. The Metaverse revolution set to unfold soon only deepens our digital interactions. Given the non-standard manufacturing of IoT devices and the troves of data flowing through them, we are constantly exposed to cyber-attacks. Vulnerabilities, cyber-attacks, data theft, and other risks arising from the use of IoT devices make the need for IoT security solutions even more pressing.

Why do we need IoT security solutions in today’s networks?

Lack of physical boundaries, improperly configured systems, non-standard gadget manufacturers, and poor QC and QA (quality control and quality assurance) make a strong case for IoT security solutions. The need for IoT security solutions rests on two primary cases:

- Securing the functionality and digital perimeter of a network
- Data privacy

IoT Devices – Network – Data in Numbers:

Division                                                                                  Value
Estimated IoT connections (by 2024)                                                       83 Billion
Active IoT devices as of 2021                                                             10 Billion
IoT devices market by 2026                                                                $1.3 Trillion
IoT medical devices by 2025                                                               $62 Billion
Data generated by IoT devices by 2025                                                     73.1 Zettabyte
IoT device connections per minute by 2025                                                 150,000+
Global IoT healthcare market reach                                                        $14 Billion
Estimated IoT spending 2019 – 2025                                                        $15 Trillion
Market size of IoT in retail by 2025                                                      $94.5 Billion
Estimated cellular IoT connections by 2023                                                3.5 Billion
The worth of IoT-enabled smart factories in the US by mid-2022                            $500 Billion
IoT devices used in clinics, medical offices, and hospitals in 2020 (according to Forbes)  646 million
Annual spending on IoT security solutions in 2021 (according to Forbes)                   $631 million

Common threats for IoT devices:

The foremost challenge for IoT devices is the wide range of threat vectors they are often subjected to. While a few are due to manufacturers and firmware developers, others can be due to targeted cyber-attacks and system exploitation.
No wonder as many as 2 in every 3 households in the United States complained about cyber encroachment in the past couple of years. Most of them don’t have IoT security solutions in place to protect their data.

How hackers enter networks:

Outdated operating systems
IoT devices running an outdated or unsupported OS are easily exploited. Hackers can bring down an entire network by accessing a single vulnerable system on it. The 2017 WannaCry ransomware targeted 300,000 machines running Windows; it successfully breached those systems that had no security updates.

Poor testing and encryption
Poor QC and QA lead to poor testing and encryption. Adding the lack of IoT security solutions to a network with such devices means exposing the network to attacks. With the increased availability of high technology, eavesdropping has become a profession. Israeli researchers managed to eavesdrop using a light bulb!

Exposed service ports (Telnet and SSH)
A report on ZDNet in 2020 revealed that the credentials of over 500,000 IoT devices, home routers, and servers were published by a hacker after their Telnet ports were left open. Similarly, in 2017, Rapid7’s National Exposure Index claimed that over 10 million IoT and other devices had their Telnet ports open. Development teams should close Telnet ports after product deployment.

DDoS (distributed denial-of-service) attack
Botnets are used to send enormous traffic to a server or device, causing it to stop functioning. In 2016, internet service provider Dyn became the victim of a large DDoS attack, which led to a severe outage.

Entry through HVAC and other systems
Entry through HVAC and other remotely controlled systems is the biggest threat IoT networks face. Usually, vendors are given remote access for the installation of systems and firmware. The endpoints of the vendor systems are often not protected by a strong firewall or IoT security solutions. Hackers see this as an entry point to gain access to the entire IoT network.
3 most vulnerable IoT networks for hackers

Each IoT network comes with its own band of IoT security solutions deployed at various levels and failure points. Medical, consumer, and commercial IoT networks are often the most affected. In a consumer IoT network, the failure points are one too many; devices operating on ancient operating systems and default passwords are the most vulnerable points. In commercial IoT networks, remote-access vendors of unmanaged IoT devices are often the primary cause. Affordability (in the case of consumer IoT devices) and insufficient security testing are often the primary reasons for threats arising in consumer and commercial IoT networks. Unsupported or outdated operating systems, and devices from diverse vendors running various operating systems, are the challenges faced by the minerals and mining industry.

Despite the various IoT security solutions that enterprises and consumers deploy, hackers still manage to break into networks through IoT devices and cause cascading effects. Without real-time management and dependable security solutions, these networks are often the softest targets for any hacker, hands down. Even critical infrastructure is currently nowhere near equipped to deal with a swarm of intense cyber-attacks.

Insiders make the case for IoT security solutions compelling!

Many industries face the threat of snooping by their own employees. There are verified reports of insiders planning to inject ransomware into systems, giving hackers autonomous control and access to critical data. If not for a change of mind by the employee, Tesla would have been the victim of a bribed ‘malware attack’ on its systems in 2019. Enterprises must step up how they limit access to critical and sensitive information to a very few, without affecting knowledge transfer and other production aspects.
This opens up a whole new dimension: the need to protect data even when internal systems are compromised. This is where IoT security solutions come into play and are often the salvation for many enterprises. Take a look at the state of OT and IoT cybersecurity in North America to understand the kind of challenges OT and IoT infrastructure is currently facing.

The big question: are IoT devices safe? The answer is

