Industrial Operating Technology Faces An Urgent Challenge

Uploaded on 2024-06-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

Are industrial control systems the new battlefield in the rising geopolitical tensions between nations? In May, ten cybersecurity agencies including the FBI, the NSA and the UK National Cyber Security Centre issued a joint report warning of a wave of pro-Russian attacks against industrial control systems (ICS) that target sectors such as water and wastewater services, energy, dams and food and beverage.

As a result, those working in OT operations need to be a step ahead of the threats. 

This new report confirms a lingering trend: while they remain less common than attacks on the IT side, OT-specific attacks can no longer be ignored. According to a recent report by Palo Alto Networks, 76% of organisations reported cyberattacks against their OT environments in the past twelve months, three-quarters of which said these attacks had become frequent.

Three Basic Actions To Take Today

The report offers three “actions to take today” for organisations looking to address the most common issues.

  • First, the agencies ask industrial organisations to ensure that the default passwords of all Operational Technology (OT) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs) are changed to strong, unique passwords.
  • Third, and most importantly, organisations should get a clear picture of which OT devices are connected to the Internet and limit their exposure. In recent years, attackers have commonly exploited remote desktop tools, such as virtual network computing (VNC) software, which gives them access to insecure industrial control systems.

Lack Of OT Visibility As A Major Contributing Factor

While necessary, these three recommendations present one major challenge and one major limitation for organisations attempting to strengthen their OT cybersecurity.

Their main limitation is that they focus solely on preventing outside intrusion. OT cyberattacks, however, are not only the work of “hacktivists” or foreign cyber-criminals. Among attack vectors, insider threats, which originate from an employee, contractor or other person within the organisation, rank as a close third behind malware and ransomware. The challenge, therefore, is not only to prevent unauthorised access but also configuration changes by an individual with legitimate credentials, whether by malice or by mistake, across the company’s vendors.

In addition, many organisations lack the needed levels of visibility into their OT environments to ensure that the agencies’ recommendations are uniformly followed and struggle to map connections between the OT environment and the public-facing Internet. 

In its 2023 “Year in Review,” cybersecurity company Dragos thus found unknown external connections—from OEMs, IT networks, or the Internet—to the OT network in 46% of its service engagements. In addition, 61% of organisations had very little or no visibility into their OT environment, which further complicated the detection and remediation of cyberattacks.

A Three-step Approach To OT Cybersecurity Maturity

Addressing this lack of visibility over entry points and inventory is therefore critical to strengthening a company’s cybersecurity maturity: As the cybersecurity adage goes, you cannot protect what you cannot see.

This first step must help organisations answer some fundamental questions: How do I know what OT assets I have? How are they connected? What are they communicating with? Answering these questions is a prerequisite to developing effective vulnerability and risk management and understanding potential attack vectors.

Crucially, this inventory should not stop at non-proprietary systems, such as Windows machines and routers, but aim to provide a full view of their operations, including heterogeneous, proprietary control systems such as DCSs and PLCs. In addition, organisations should ensure that they take steps to automate this inventory process to keep it evergreen, rather than the common practice of manually maintaining a spreadsheet or database that will lead to stale, erroneous or missing data, leaving them vulnerable to OT threats

With this inventory in place, organisations can take multiple steps listed in the report to “limit the adversarial use of common vulnerabilities”, such as reducing risk exposure by reviewing Internet-accessible assets, cross-referencing the company’s inventory with a database of vulnerabilities, such as the NIST’s National Vulnerability Database, and prioritising steps to mitigate vulnerabilities.

Lastly, once detailed and accurate OT asset inventory and operational vulnerability management processes are in place, the final stage of maturity is to enable capabilities for comprehensive OT security baselines, configuration management, policy management and workflows. These capabilities address both external attacks and insider threats and help with the detection, mitigation and remediation of the breach.

Automating & Prioritising To Make The Most Of Scarce Resources

This journey may seem daunting to many organisations, given their lack of resources and expertise in OT cybersecurity. 

Last year, a report by the ENISA, the EU’s cybersecurity agency, found that 76 % of the organisations running important and critical infrastructure did not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity, and less than half had an allocated budget for it. So, how can organisations square the OT cybersecurity circle with such limited resources? 

The first step is sourcing the right expertise - internally or from partners- and leveraging the tools that cybersecurity agencies provide to help organisations develop their maturity. A second area of focus is adopting tools that support automation and prioritisation to help organisations make the most of their limited resources and get a clear sense of where they should place their efforts. 

These tools should help the organisation phase out manual approaches for risk identification, prioritisation and remediation. With cyberattacks growing in numbers and sophistication, relying on manual processes, often carried out by overstretched resources, puts industrial organisations at risk. 

Edgardo Moreno is Executive Industry Consultant, Asset Lifecycle Intelligence Division with Hexagon

Image: Andrey Popov

You Might Also Read:

Cyber Insurance For Industrial Companies - Its Complex:

DIRECTORY OF SUPPLIERS - Cyber-Physical Systems Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Navigating cloud security: The importance of posture management tools
Artificial Intelligence Is Changing Education  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

AFNOR Group

AFNOR Group

AFNOR Group designs and deploys solutions based on voluntary standards around the world and provides services including training, professional and technical information, assessment and certification.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.