The convergence of IT, OT and IoT has opened new avenues for hackers to target systems built on those three technologies. OT, however, has been impacted uniquely, because the security dimensions of OT have not been fully understood by security practitioners. With the collapse of the traditional air gap, OT devices are now being targeted extensively by various hacker groups. To counter them, we need to understand how hackers are breaching OT systems.
There are two main routes of entry for hackers into OT systems. The first uses the network as a conduit to reach a production facility in a connected OT environment. In an unsegmented network, every connected asset that has been compromised can serve as an entry point. This is especially true for OT operators in traditional industries such as manufacturing, power plants, oil and gas refineries, and pipelines that are now embracing some form of digital transformation and large-scale automation.
The second route is a physical breach: an intruder carries a USB drive holding the malware payload and connects it to the OT network from within. This modus operandi is often used against OT systems in defense, maritime, and power companies that still run unconnected or air-gapped OT systems.
OT cyberattacks are thus not accidental episodes; they require significant planning and execution finesse on the part of the hackers. At many defense facilities such as radar stations and communication and signals hubs, we have seen hackers or their enablers throw infected pen drives into the campuses of these defense entities in the hope that an unsuspecting employee will plug one in. Though the use of USB drives is strictly regulated, such devices still manage to feature in some of the large OT breaches we have seen in the last few years.
OT Security challenges and targets
Safety and control systems are high on the wish list of hackers. These are the systems that, when accessed and modified, can cause tremendous disruption and loss. Such breaches are also hard to contain, and news of the breach soon reaches the outside world, and other hackers, through the media. ICS and SCADA systems have been traditional targets for hackers and continue to be targeted.
A safety instrumentation system, or even an environment control system, is a prime target: both are key to ensuring safety in plants and other locations accessed by plant personnel. Tampering with them puts lives at risk and also endangers critical instrumentation, including its calibration, which is often quite sensitive; even a minor change could trigger a series of production errors downstream.
Improving OT security
- Start by viewing IT and OT as extensions of the overall digital infrastructure and cover them through a unified security policy that also takes into account the unique cybersecurity aspects of each.
- The same policy should set common goals for the IT, IoT and OT security teams. Key KPIs and milestones that the teams can achieve in collaboration should also be formulated.
- Conduct periodic joint digital security audits across the enterprise to evaluate the institutional cybersecurity posture and to eliminate gaps.
- The NIST Cybersecurity Framework and IEC 62443 can be used as guides to secure parts of the network or the network as a whole.
- Micro-segmentation is an excellent tactic for isolating the overall digital infrastructure into fragments. It not only helps contain an attack but also prevents malware from moving laterally.
- For digital transformation or large-scale OT automation projects, or those involving a phased transition to IIoT, OT security teams should be roped in to develop a comprehensive security roadmap that doesn't end with the transition. Instead, the roadmap should cover long-term operational security for all assets and must take into account converged threats and threats that might emerge in the future.
- As part of the unified security policy, an OT-specific security policy can also be developed to bring OT security on par with IT security.
- Operate with OT-focussed threat intelligence to detect unique threats that may affect OT but not IT.
- Vulnerability assessments and gap analysis should be conducted at regular intervals, and these processes should be further documented through regular audits.
- Security for IT, IoT and OT assets should be owned by a joint cybersecurity team with members from both sides. This will ensure the evolution of a common minimum standard for security across the organization.
- Deploying an OT security solution that secures all aspects of OT is also recommended.
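The micro-segmentation and IEC 62443 recommendations above come down to defining zones and the conduits allowed between them, then checking that observed traffic stays inside that policy. The script below is an added example (not Sectrio's code) that evaluates constructed flow records against a hypothetical zone/conduit policy and flags cross-zone flows, such as an IT office host talking directly to a controller, that bypass the permitted conduits; the zone ranges, ports and sample flows are all assumptions.

```python
"""Zone-and-conduit policy check over constructed OT flow records (added example)."""
import ipaddress
from dataclasses import dataclass

# Hypothetical zones, modelled on IEC 62443 zone/conduit thinking (assumed ranges).
ZONES = {
    "IT_OFFICE":  ipaddress.ip_network("10.10.0.0/16"),
    "OT_DMZ":     ipaddress.ip_network("10.20.0.0/24"),
    "OT_CONTROL": ipaddress.ip_network("10.30.0.0/24"),
    "OT_SAFETY":  ipaddress.ip_network("10.40.0.0/24"),
}

# Permitted conduits as (source zone, destination zone, destination port).
# Anything crossing a zone boundary outside this set is a segmentation violation.
CONDUITS = {
    ("IT_OFFICE", "OT_DMZ", 443),      # office users reach the historian web UI via the DMZ
    ("OT_DMZ", "OT_CONTROL", 502),     # only the DMZ jump/poll host may speak Modbus to PLCs
    ("OT_CONTROL", "OT_SAFETY", 502),  # controllers may read the safety system
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(ip: str) -> str:
    """Map an address to its zone name, or UNKNOWN if it sits in no defined zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "UNKNOWN")

def evaluate(flow: Flow) -> tuple:
    """Return (verdict, src_zone, dst_zone); verdict is ALLOW, INTRA or VIOLATION."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    if s == d and s != "UNKNOWN":
        return ("INTRA", s, d)  # same zone: intra-zone micro-segmentation is a separate control
    if (s, d, flow.dport) in CONDUITS:
        return ("ALLOW", s, d)
    return ("VIOLATION", s, d)   # cross-zone or unknown-source traffic with no conduit

def find_violations(flows) -> list:
    """Return [(flow, src_zone, dst_zone)] for every flow that breaks the conduit policy."""
    return [(f, s, d) for f in flows for v, s, d in [evaluate(f)] if v == "VIOLATION"]

# Constructed sample flows: three of them should be flagged.
SAMPLE_FLOWS = [
    Flow("10.10.5.7", "10.20.0.10", 443),    # office -> DMZ historian: allowed conduit
    Flow("10.10.5.7", "10.30.0.5", 502),     # office host straight to a PLC: violation
    Flow("10.20.0.10", "10.30.0.5", 502),    # DMZ poll host -> PLC: allowed conduit
    Flow("10.30.0.5", "10.30.0.6", 502),     # PLC -> PLC inside the control zone: intra
    Flow("10.10.9.2", "10.40.0.2", 502),     # office host -> safety system: violation
    Flow("192.168.1.1", "10.30.0.5", 44818), # unzoned source -> PLC: violation
]

if __name__ == "__main__":
    for flow, s, d in find_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {s}->{d}: {flow.src} -> {flow.dst}:{flow.dport}")
```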
Sectrio is offering a free 15-day trial of its threat intelligence feeds. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now.
Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business