The ever-mounting attack frequency with an increasingly sophisticated threat landscape, brings to light the urgency to step up the resiliency of critical system to cyber threats. Enterprises and Government alike are forced to deal with scenarios where they are actively under a Cyber-attack. Thus, bringing to fore the proactive approach to Cyber Security over a reactive one.
Cyber criminals have taken undue advantage of the unprecedented times we are all seeing due to the Coronavirus Pandemic. Remote work has only emboldened them by accelerating their attacks on medical, enterprise, and industrial IoT devices and critical infrastructure. With almost 63% of enterprises, 92% of industrial organizations and 82% of health care organizations using IoT, almost every enterprise is exposed to these threats.
There is a clear need to build methods to monitor and detect cyber threats at more granular levels, thus pushing the cyber protections out to where the impact happens—the cyber-physical processes within the mission-critical OT environment. Everything from IP cameras and smart elevators to patient monitors, MRI Machines and industrial control systems are inter-connected, while it is great when it comes to usability and monitoring, what’s unfortunate is that connecting IoT devices to your IT network increases your attack surface and thus increasing your entry points for hackers. The security risk is real as 67% of enterprises and 82% of healthcare organizations have experienced IoT security incidents in the recent past.
The remote work required by the Coronavirus has amplified the security risk. There is a shortage of critical infrastructure workers and due to illness and quarantine, more employees are working remotely with fewer security barriers on their home networks than what’s usually there in the workplace.
These remote connections have blurred the IT-OT segmentation and expanded the attack surface providing new entry points for hackers to exploit. If a worker’s laptop is compromised, that can have implications on access to both the IT and OT networks, as the attacker can ride on whatever privileges that employee has to move laterally from the IT network to the OT and ICS system on the production floor. Thereby increasing the impact of an attack.
It is a known fact that industrial organizations connect more devices, enable more remote access, and build new applications, therefore the airgap approach to protecting industrial networks against cyber threats is no longer enough. As these organizations become more digital and the cyber threats around them become sophisticated, it is imperative to have updated and reliable industrial cybersecurity postures.
In an industrial organization, mostly the Industrial assets are managed by the operations team focussing on production integrity, physical safety, etc rather than cyber safety. On the other hand, the IT teams who have the required cybersecurity skills and expertise are seen lacking the knowledge of the industrial processes that are imperative to take the right security measures so as to not impact production.
Therefore, building a secure industrial network requires strong collaboration between IT and operations teams for Industrial organization. Only together can they appreciate what needs to be protected and how best to protect it. Only together can they implement security best practices to build secure industrial operations. Traditional IT Security solutions have remained far behind and haven’t still caught up with the increasingly complex OT environments of today.
Today’s OT Security measures firstly need increased risk visibility. Industrial organizations need an easy way to determine what devices they have and determine their vulnerabilities and risk. Secondly, they need to be able to monitor the ICS and SCADA protocols and commands, so it can determine if their systems are connecting and communicating properly.
While industrial systems are becoming more and more connected, they are also being exposed to more vulnerabilities. The switch from closed to open systems, also referred to as the IT-OT convergence, is breeding new security threats that need to be addressed.
The key most important reasons for organizations who are in the look out to safeguard their industrial networks are the high costing industrial equipment and the fear of causing damage to communities and economies that an attack could generate. The strongest negative impact of a breach in an industrial set up could even mean casualties in a worst-case scenario. The top three challenges of industrial OT :
Erosion of Network Architecture
Two of the major challenges in securing industrial environments have been initial design and ongoing maintenance. What may have been a solid design to begin with is eroded through ad hoc updates and individual changes to hardware and machinery without consideration for the broader network impact. This kind of organic growth has led to miscalculations of expanding networks and the introduction of wireless communication in a standalone fashion, without consideration of the impact to the original security design. These uncontrolled or poorly controlled OT network evolutions have, in many cases, over time led to weak or inadequate network and systems security.
Pervasive Legacy Systems
Legacy components are not restricted to isolated network segments but have now been consolidated into the IT operational environment. From a security perspective, this is potentially dangerous as many devices may have historical vulnerabilities or weaknesses that have not been patched and updated, or it may be that patches are not even available due to the age of the equipment.
Insecure Operational Protocols
Many industrial control protocols, particularly those that are serial based, were designed without inherent strong security requirements. Furthermore, their operation was often within an assumed secure network. In addition to any inherent weaknesses or vulnerabilities, their operational environment may not have been designed with secured access control in mind.
To mitigate such farfetched repercussions and challenges, it is in the best interest of an industrial organization to security its IT & OT technology. An effective OT Security strategy puts in place solutions that allow complete visibility of network control traffic and establishing the right security policies and thus does not disrupt operations or risk non-compliance. A good OT Security strategy protects processes, people and profit while significantly reducing security vulnerabilities and incidents.
Thirdly, it should enable you to create security policies and designs for OT and ICS systems that can prevent security breaches and keep up with the latest threats.
In conclusion, only a phased and pragmatic approach can lay the ground for a converged IT/OT security architecture. Each phase must be an opportunity to build the foundation for the next. This will ensure your industrial security project addresses crucial security needs at minimal costs. It will also help you raise skills and maturity levels throughout the organization to gain wide acceptance and ensure effective collaboration.
Cymune IT/OT Security Advantage
Cymune’s convergence story of IT/OT Security offers a portfolio of security solutions that help industrial, asset-intensive environments monitor and secure networks, protect endpoints and deliver cybersecurity services with:
- 24/7 In-Depth IT/OT Network Visibility
- Real-Time Threat Detection
- Improved automation, sensing and visibility
- Increased control over distributed operations
- Better compliance with regulatory requirements and tracking
- More responsive systems and improved organizational performance
More effective workforce working with improved information