Industrial Operating Technology Faces An Urgent Challenge

Are industrial control systems the new battlefield in the rising geopolitical tensions between nations? In May, ten cybersecurity agencies including the FBI, the NSA and the UK National Cyber Security Centre issued a joint report warning of a wave of pro-Russian attacks against industrial control systems (ICS) that target sectors such as water and wastewater services, energy, dams and food and beverage.

As a result, those working in OT operations need to be a step ahead of the threats. 

This new report confirms a lingering trend: while they remain less common than attacks on the IT side, OT-specific attacks can no longer be ignored. According to a recent report by Palo Alto Networks, 76% of organisations reported cyberattacks against their OT environments in the past twelve months, three-quarters of which said these attacks had become frequent.

Three Basic Actions To Take Today

The report offers three “actions to take today” for organisations looking to address the most common issues.

  • First, the agencies ask industrial organisations to ensure that the default passwords of all Operational Technology (OT) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs) are changed to strong, unique passwords.
  • Third, and most importantly, organisations should get a clear picture of which OT devices are connected to the Internet and limit their exposure. In recent years, attackers have commonly exploited remote desktop tools, such as virtual network computing (VNC) software, which gives them access to insecure industrial control systems.

Lack Of OT Visibility As A Major Contributing Factor

While necessary, these three recommendations present one major challenge and one major limitation for organisations attempting to strengthen their OT cybersecurity.

Their main limitation is that they focus solely on preventing outside intrusion. OT cyberattacks, however, are not only the work of “hacktivists” or foreign cyber-criminals. Among attack vectors, insider threats, which originate from an employee, contractor or other person within the organisation, rank as a close third behind malware and ransomware. The challenge, therefore, is not only to prevent unauthorised access but also configuration changes by an individual with legitimate credentials, whether by malice or by mistake, across the company’s vendors.

In addition, many organisations lack the needed levels of visibility into their OT environments to ensure that the agencies’ recommendations are uniformly followed and struggle to map connections between the OT environment and the public-facing Internet. 

In its 2023 “Year in Review,” cybersecurity company Dragos thus found unknown external connections—from OEMs, IT networks, or the Internet—to the OT network in 46% of its service engagements. In addition, 61% of organisations had very little or no visibility into their OT environment, which further complicated the detection and remediation of cyberattacks.

A Three-step Approach To OT Cybersecurity Maturity

Addressing this lack of visibility over entry points and inventory is therefore critical to strengthening a company’s cybersecurity maturity: As the cybersecurity adage goes, you cannot protect what you cannot see.

This first step must help organisations answer some fundamental questions: How do I know what OT assets I have? How are they connected? What are they communicating with? Answering these questions is a prerequisite to developing effective vulnerability and risk management and understanding potential attack vectors.

Crucially, this inventory should not stop at non-proprietary systems, such as Windows machines and routers, but aim to provide a full view of their operations, including heterogeneous, proprietary control systems such as DCSs and PLCs. In addition, organisations should ensure that they take steps to automate this inventory process to keep it evergreen, rather than the common practice of manually maintaining a spreadsheet or database that will lead to stale, erroneous or missing data, leaving them vulnerable to OT threats

With this inventory in place, organisations can take multiple steps listed in the report to “limit the adversarial use of common vulnerabilities”, such as reducing risk exposure by reviewing Internet-accessible assets, cross-referencing the company’s inventory with a database of vulnerabilities, such as the NIST’s National Vulnerability Database, and prioritising steps to mitigate vulnerabilities.

Lastly, once detailed and accurate OT asset inventory and operational vulnerability management processes are in place, the final stage of maturity is to enable capabilities for comprehensive OT security baselines, configuration management, policy management and workflows. These capabilities address both external attacks and insider threats and help with the detection, mitigation and remediation of the breach.

Automating & Prioritising To Make The Most Of Scarce Resources

This journey may seem daunting to many organisations, given their lack of resources and expertise in OT cybersecurity. 

Last year, a report by the ENISA, the EU’s cybersecurity agency, found that 76 % of the organisations running important and critical infrastructure did not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity, and less than half had an allocated budget for it. So, how can organisations square the OT cybersecurity circle with such limited resources? 

The first step is sourcing the right expertise - internally or from partners- and leveraging the tools that cybersecurity agencies provide to help organisations develop their maturity. A second area of focus is adopting tools that support automation and prioritisation to help organisations make the most of their limited resources and get a clear sense of where they should place their efforts. 

These tools should help the organisation phase out manual approaches for risk identification, prioritisation and remediation. With cyberattacks growing in numbers and sophistication, relying on manual processes, often carried out by overstretched resources, puts industrial organisations at risk. 

Edgardo Moreno is Executive Industry Consultant, Asset Lifecycle Intelligence Division with Hexagon

Image: Andrey Popov

You Might Also Read:

Cyber Insurance For Industrial Companies - Its Complex:

DIRECTORY OF SUPPLIERS - Cyber-Physical Systems Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Navigating cloud security: The importance of posture management tools
Artificial Intelligence Is Changing Education  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.

Catalyst Campus For Technology & Innovation

Catalyst Campus For Technology & Innovation

Catalyst Campus is a collaborative ecosystem to create community, spark innovation and stimulate business growth.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.