OT Cybersecurity in 2022: New Challenges and Emerging Trends | Enigmedia
It is a reality that the pandemic has revolutionised the way in which many businesses operate. In the case of digital transformation, we are experiencing a very rapid acceleration, as companies are increasingly becoming more agile and hyper-connected, especially in the industrial environment.
This transformation has a major impact on the way organizations plan and execute their security strategy, as new threats and challenges emerge. Companies have to look for new approaches in order to become more resilient and minimize their attack surface.
Focusing on industrial companies, the main security challenge is still the need to secure and protect their OT (Operational Technology) networks. These networks are critical for guaranteeing operational efficiency in all the industrial sectors that are crucial to the economy and society: energy and renewables, water infrastructure, manufacturing and so on. With the increasing digitisation and operational complexity of industrial companies, ensuring protection from cyber threats is not an easy task.
Looking ahead to the new year and reflecting the lessons we have learned, we would like to share some of the main challenges and emerging trends that will shape the future of OT cybersecurity.
Main OT security challenges for 2022
1. Increased sophistication of cyberattacks
The malicious actors targeting industrial companies and critical infrastructure are making it very difficult to protect OT as their understanding of ICS or IIoT systems is becoming more and more advanced, leading to more sophisticated attacks and vulnerability exploits.
OT continues to modernize, and so do the attacks targeting these networks and the systems involved, such as ICS or SCADA. One of the most common attacks, and one that keeps growing in sophistication, is ransomware. We have seen several ransomware attacks on critical infrastructure in the past year, such as Colonial Pipeline, with devastating effects on the day-to-day operations of these organizations and huge financial losses. However, other kinds of attacks that target OT specifically, e.g. DDoS, Man-in-the-Middle or zero-day exploits, also need to be taken seriously. The sensitivity of OT assets to downtime or performance problems makes industrial companies a prime target, as even a brief shutdown can cause huge losses.
2. Hyper-connectivity and network complexity
IT/OT convergence brings many advantages to industrial companies, but it also creates a major security problem, because industrial networks were originally designed to be air-gapped from other enterprise systems. This hyper-connectivity involves connecting legacy systems to data networks and to the cloud, adopting new technologies for automation and business intelligence such as IoT or Artificial Intelligence, and implementing remote access to OT systems for operations and maintenance staff, among others.
As systems become more complex, new attack vectors emerge and the systems become more attractive to cybercriminals. In addition, security measures that work perfectly in IT environments may not be suitable for OT, meaning that new security mechanisms need to be developed; in many cases the existing ones are not mature enough to assure full protection against industrial cyber threats.
3. Surge in supply chain risks & threats
Industrial companies have sophisticated supply chains. In OT systems alone, a vast number of suppliers contribute to building up these systems, providing services, devices and software. The technologies, people and organizations involved in the process cause many threats to emerge in the supply chain, as any of them can be an easy entry point for establishing a foothold on the target network. Such attacks can remain passive on a network for long periods of time while the attacker carefully selects high-value targets. Therefore, advanced security mechanisms such as network micro-segmentation or network encryption are essential to prevent the lateral movement and data exfiltration that are very common in these kinds of attacks.
A very recent and well-known supply chain attack is the SolarWinds attack, one of the most sophisticated cyberattacks to date. SolarWinds, a company that develops software to help businesses manage their networks, systems and information technology infrastructure, was the initial attack vector and just the beginning of an attack sequence against other enterprises, whether they used SolarWinds software or were part of its supply chain.
Emerging trends for addressing OT security challenges
1. Moving from monitoring and detection to proactive protection
Most industrial companies are just getting started with their OT cybersecurity strategy, meaning that they are beginning to obtain network visibility through asset inventories and monitoring tools. Security monitoring for tracking incidents and detecting threats is a valid strategy, but this approach is not enough on its own: industrial networks need active protection and prevention mechanisms to ensure optimum security. Avoiding breaches, instead of only detecting and responding to them, is crucial to assure full availability and integrity.
2. Zero-Trust in OT networks
Ensuring that any device or user attempting to connect to applications and systems within OT networks is verified is achieved by applying a Zero-Trust approach. Traditional perimeter defense is no longer valid, as trust cannot simply be granted at the entrance. Many industrial systems were designed with no security in mind, so implementing advanced security measures to achieve Zero-Trust may require complex re-engineering and large investments. Implementing easy-to-deploy OT cybersecurity solutions designed according to Zero-Trust principles is a must in a forward-thinking, resilient OT security strategy. Learn more about Zero-Trust in OT networks in our recent post: https://enigmedia.es/2021/11/01/the-use-of-zero-trust-security-in-ot/
3. Designing cybersecurity according to the Purdue Model
The key to implementing OT security effectively against cyber risks is to plan controls based on an analysis of the network topology. This makes it possible to associate controls with layers, according to the hierarchy of the network and the relationships between them. To prevent lateral movement and ensure maximum protection, cybersecurity should be implemented at every level, from 0 to 5. Securing the lower layers is the most challenging; however, if they are left unsecured, the door is wide open for attackers targeting the critical elements in these layers, such as PLCs, HMIs or sensors.
As 2022 begins, and taking into account the security challenges described above, it is crucial for industrial companies to reinvent and develop a successful OT security strategy, with a stronger focus on protection and prevention as described in the NIST framework.
Our solutions at Enigmedia are designed to guide our customers along the cybersecurity roadmap, especially regarding the protection of OT systems, data and communications. To learn more about how we can help strengthen your OT cybersecurity, please get in touch with us: https://enigmedia.es/company/contact/
- OT Cybersecurity Roadmap based on IEC-62443: https://enigmedia.es/2021/07/26/ot-cybersecurity-roadmap-based-on-iec-62443/
- Mitigating Cyber Risks in the age of OT/IT Convergence: https://enigmedia.es/2021/07/02/mitigating-cyber-risks-in-the-age-of-ot-it-convergence/
- Introduction to the great unknown world of OT Cybersecurity: https://enigmedia.es/2021/06/24/introduction-to-the-great-unknown-world-of-ot-cybersecurity/