Introduction to the great unknown world of OT Cybersecurity@Enigmedia
A brief insight into Operational Technology (OT)
Operational Technology (OT) is rapidly evolving industrial environments and critical infrastructures, as digital systems that interact with physical processes such as industrial robots, generators or turbines are now technology driven devices. Thanks to OT, industrial enterprises have been able to improve the quality of life, enabling the safe, efficient and economical delivery of energy, water, as well as the manufacturing of consumer packaged goods. The business case for OT seems to be crystal clear: getting things done faster, more efficiently, more safely, and all at a lower cost.
The benefits of OT are increasingly attractive to industrial enterprises, governments, utilities and even end customers. But with these benefits come new threats, complexity and a greater attack surface. Implementing OT systems brings a long list of cybersecurity concerns, as traditional industrial environments were not designed to be interconnected and digitalized.
The adoption of advanced enterprise software, such as analytics or monitoring, has prompted industrial organisations to further integrate IT systems and traditional OT networks.This allows companies to get a more comprehensive view of the entire ecosystem, simplifying operations and management, plus, enabling constant monitoring of condition and performance of devices and systems.
The rising need for OT cybersecurity
There is a very common saying in digital environments that “connected = hacked”. This has led to a real need for implementing a robust OT cybersecurity strategy, as most physical assets, ICS and SCADA are now connected and under the umbrella of OT. The primary objective of implementing cybersecurity strategy in OT is to maintain control of all physical assets, ensuring their safe operation at all times.
The reality is that in the majority of industrial environments, OT management is not followed as it is in other environments such as IT. Having an updated assets inventory, patching and hardening devices, or user and role management seems to be a hard task in OT. Many traditional IT tools cannot be used in OT environments, for example, taking an active approach for asset discovery may trigger significant process disruptions, as PLCs have limited processing capabilities. Adding to this, OT systems are packed with legacy devices with long amortization periods that cannot be replaced from one day to the next. Even when planning to replace them, concerns arise due to operational downtimes and complex network reengineering. They say in OT that if something works, then do not touch it.
Many attacks on OT target the above mentioned vulnerabilities and they seem to be on a rise. Malware is specifically designed to disrupt ICS and SCADA systems, and there have been a handful of attacks over the past decade, including Stuxnet, Havex or BlackEnergy.
In the past, OT systems were “air-gapped”, ensuring total isolation from the rest and acceptable risk levels. One of the main reasons for air gapping OT is that these systems are truly unique in their design and operation, so they require a totally different approach to security than IT. However, with the rising digitisation of industrial environments, the air gap no longer exists and therefore cyber-threats are increasing exponentially.
Asset owners need to address OT security challenges urgently, as the risks and damage generated by cyber attacks can be catastrophic, from system disruptions to physical and environmental damage. The most critical and common threats to OT are:
- Malware infiltration through external hardware and removable devices
- Malware infection through IT and web applications
- DDoS and Man-in-the-middle attacks
- Non secure remote access
- Legacy software and hardware vulnerabilities
- Cloud vulnerabilities
- Default configurations
- Human error
OT systems used in critical infrastructure and industrial environments are targets of sophisticated cyberattacks. However, the likelihood and impact of these attacks can be drastically reduced by implementing the right OT cybersecurity strategy and tools. As cyber-threats are evolving rapidly, we encourage you to subscribe to Enigmedia content and make use of our resources to stay up-to-date.