Industrial Operating Technology Faces An Urgent Challenge

Uploaded on 2024-06-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

Are industrial control systems the new battlefield in the rising geopolitical tensions between nations? In May, ten cybersecurity agencies including the FBI, the NSA and the UK National Cyber Security Centre issued a joint report warning of a wave of pro-Russian attacks against industrial control systems (ICS) that target sectors such as water and wastewater services, energy, dams and food and beverage.

As a result, those working in OT operations need to be a step ahead of the threats. 

This new report confirms a lingering trend: while they remain less common than attacks on the IT side, OT-specific attacks can no longer be ignored. According to a recent report by Palo Alto Networks, 76% of organisations reported cyberattacks against their OT environments in the past twelve months, three-quarters of which said these attacks had become frequent.

Three Basic Actions To Take Today

The report offers three “actions to take today” for organisations looking to address the most common issues.

  • First, the agencies ask industrial organisations to ensure that the default passwords of all Operational Technology (OT) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs) are changed to strong, unique passwords.
  • Third, and most importantly, organisations should get a clear picture of which OT devices are connected to the Internet and limit their exposure. In recent years, attackers have commonly exploited remote desktop tools, such as virtual network computing (VNC) software, which gives them access to insecure industrial control systems.

Lack Of OT Visibility As A Major Contributing Factor

While necessary, these three recommendations present one major challenge and one major limitation for organisations attempting to strengthen their OT cybersecurity.

Their main limitation is that they focus solely on preventing outside intrusion. OT cyberattacks, however, are not only the work of “hacktivists” or foreign cyber-criminals. Among attack vectors, insider threats, which originate from an employee, contractor or other person within the organisation, rank as a close third behind malware and ransomware. The challenge, therefore, is not only to prevent unauthorised access but also configuration changes by an individual with legitimate credentials, whether by malice or by mistake, across the company’s vendors.

In addition, many organisations lack the needed levels of visibility into their OT environments to ensure that the agencies’ recommendations are uniformly followed and struggle to map connections between the OT environment and the public-facing Internet. 

In its 2023 “Year in Review,” cybersecurity company Dragos thus found unknown external connections—from OEMs, IT networks, or the Internet—to the OT network in 46% of its service engagements. In addition, 61% of organisations had very little or no visibility into their OT environment, which further complicated the detection and remediation of cyberattacks.

A Three-step Approach To OT Cybersecurity Maturity

Addressing this lack of visibility over entry points and inventory is therefore critical to strengthening a company’s cybersecurity maturity: As the cybersecurity adage goes, you cannot protect what you cannot see.

This first step must help organisations answer some fundamental questions: How do I know what OT assets I have? How are they connected? What are they communicating with? Answering these questions is a prerequisite to developing effective vulnerability and risk management and understanding potential attack vectors.

Crucially, this inventory should not stop at non-proprietary systems, such as Windows machines and routers, but aim to provide a full view of their operations, including heterogeneous, proprietary control systems such as DCSs and PLCs. In addition, organisations should ensure that they take steps to automate this inventory process to keep it evergreen, rather than the common practice of manually maintaining a spreadsheet or database that will lead to stale, erroneous or missing data, leaving them vulnerable to OT threats

With this inventory in place, organisations can take multiple steps listed in the report to “limit the adversarial use of common vulnerabilities”, such as reducing risk exposure by reviewing Internet-accessible assets, cross-referencing the company’s inventory with a database of vulnerabilities, such as the NIST’s National Vulnerability Database, and prioritising steps to mitigate vulnerabilities.

Lastly, once detailed and accurate OT asset inventory and operational vulnerability management processes are in place, the final stage of maturity is to enable capabilities for comprehensive OT security baselines, configuration management, policy management and workflows. These capabilities address both external attacks and insider threats and help with the detection, mitigation and remediation of the breach.

Automating & Prioritising To Make The Most Of Scarce Resources

This journey may seem daunting to many organisations, given their lack of resources and expertise in OT cybersecurity. 

Last year, a report by the ENISA, the EU’s cybersecurity agency, found that 76 % of the organisations running important and critical infrastructure did not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity, and less than half had an allocated budget for it. So, how can organisations square the OT cybersecurity circle with such limited resources? 

The first step is sourcing the right expertise - internally or from partners- and leveraging the tools that cybersecurity agencies provide to help organisations develop their maturity. A second area of focus is adopting tools that support automation and prioritisation to help organisations make the most of their limited resources and get a clear sense of where they should place their efforts. 

These tools should help the organisation phase out manual approaches for risk identification, prioritisation and remediation. With cyberattacks growing in numbers and sophistication, relying on manual processes, often carried out by overstretched resources, puts industrial organisations at risk. 

Edgardo Moreno is Executive Industry Consultant, Asset Lifecycle Intelligence Division with Hexagon

Image: Andrey Popov

You Might Also Read:

Cyber Insurance For Industrial Companies - Its Complex:

DIRECTORY OF SUPPLIERS - Cyber-Physical Systems Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Navigating cloud security: The importance of posture management tools
Artificial Intelligence Is Changing Education  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZDL Group

ZDL Group

At ZDL (formerly ZeroDayLab) we take a comprehensive view of our clients cyber security risks and provide quality services to address those risk

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

Viatel Technology Group

Viatel Technology Group

Viatel Technology Group is a complete digital services provider. We have over 26 years’ experience delivering fully managed security, networking, cloud and communications services.