Protecting OT With MDR

Uploaded on 2024-04-30 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Production-Manufacturing

Operational Technology (OT) systems now play an increasingly crucial role in industrial process automation and access control, enabling organisations to streamline operations, improve efficiency, and maintain safe and reliable networks. 

But as these (often mission-critical) systems connect to IT networks and the internet, they face growing cybersecurity risks that must be addressed to ensure the security and resilience of the OT environment.

OT systems are often found in high profile targets and crucial sectors including healthcare, manufacturing, and shipping/transportation, and the financial, operational and reputational costs of downtime from cyberattacks are enormous.

According to research from TechTarget’s Enterprise Strategy Group, 44% of organisations are running specialised OT devices. These devices traditionally reside outside IT infrastructure and are increasingly being targeted by attackers looking to maximise impact. OT devices must be protected around the clock to minimise risks and catastrophic outcomes. 

This has driven many organisations to devote growing parts of their cybersecurity budget to OT. One report pegs global spending on OT-related security at more than $1.5 billion in 2022 - growing by 19% on a compound annual basis to reach $8.4 billion by 2032.

OT uses computers, software and cloud services to drive industrial systems and processes as diverse as water purification pumps to oil rigs - critical infrastructure in a wide range of industries. Traditionally powered and managed by technologies such as industrial process control and Supervisory Control And Data Acquisition (SCADA), today’s OT systems are essentially purpose-built computers. Protecting these systems against both physical threats and cyberattacks is non-negotiable. 

A key reason why organisations have to devote substantial amounts of resources to protecting OT systems against cyberattacks is because OT systems have become more digitised and more tightly integrated with traditional IT systems.

This IT/OT merger delivers management efficiency, optimises internal staff activity and supports system-to-system data flows. However, moving from the previous walled-off nature of OT security to an integrated cybersecurity defence framework often requires new solutions. After all, traditional IT cybersecurity tools were never intended to look for, identify, block and remediate against OT-targeted threats. 

This is where OT-optimised Managed Detection and Response (MDR) solution comes in. MDR for OT products are designed specifically for the needs and challenges of OT environments. 

OT-specific cyberattacks carry the potential for big payouts for hackers. Data theft, ransomware, industrial espionage and nation-state conflicts all create opportunities for hackers to extort large sums of cash by locking up critical infrastructure and essential systems.

As a result, organisations want  and need  to avoid both business disruption and potential compliance violations that can result from OT cyberattacks and can have severe consequences, including financial losses, reputational damage, and legal liabilities. This hasn’t been easy for many organisations, as OT defences were traditionally designed to limit physical access  not cyber access  to systems powered by digital tools. This is where purpose-built OT security products come into the picture to deliver the missing security capabilities.

The increasing OT/IT convergence and the growing need for bidirectional data flows between OT and IT systems has resulted in a broader cyber-attack surface. As IT, OT and IoT assets become increasingly interconnected, it becomes easier for threat actors to perform lateral movement between IT and OT. While moving laterally, they can achieve prolonged and persistent access to the target environment before they execute an attack and try to accomplish their original objectives.

Next-generation MDR for OT solutions help organisations deploy robust threat detection and response capabilities along with attack surface management capabilities within the OT ecosystem.   

There are a wide range of attack vectors organisations need to understand, anticipate and protect against for OT assets. Take ransomware, for instance: If organisations are quick to pay ransoms to reclaim their ability to send email and access customer records, consider what they’d be willing to pay to avoid kidney dialysis machine failure or citywide water systems. 

Of course, other widely reported threats, such as credential theft, are highly problematic, as many people working in OT-related jobs are not familiar with proper cybersecurity hygiene. Advanced persistent threats and zero-day attacks also now are being aimed at OT systems because of those human, process and system vulnerabilities.

Mighty MITRE

So, organisations must embrace tools, systems and processes based on the MITRE adversarial tactics, techniques and common knowledge (MITRE ATT&CK) framework. This framework breaks down an attack lifecycle into phases, while identifying different types of assets those threats are likely to target.

It is a sophisticated and wide-ranging framework, designed to understand increasingly complex attacks targeting the interconnected nature of OT systems.

Ensuring extensive MITRE ATT&CK coverage is essential for MDR platforms and services designed to secure OT systems.

With the MITRE ATT&CK framework at its core, MDR solutions and services for OT must be able to provide broad and deep cybersecurity capabilities to enable organisations protect, detect, respond and recover from OT cyber-attacks. A superior MDR solution for OT should include:

  • Advanced analytics
  • Integrated curated threat intelligence
  • Advanced automation (e.g. automated incident response)
  • Proactive threat hunting
  • Intelligent configuration management and verification

Specific Tools For SCADA & Industrial Process Control Applications

  • Incident case management
  • Asset discovery
  • Attack surface monitoring
  • Vulnerability monitoring
  • Security configuration monitoring

As OT functions become increasingly digitised, they present a bigger risk of cyberattack. The estimated financial impact of different kinds of OT cyber-attacks is significant , forcing organisations to rethink their entire approach around OT security and revisit their OT cybersecurity program .

So, take a moment to review your digitised OT functions, and research what extra steps you might need to further improve your OT security posture and increase cyber reliance in the OT domain. 
 

Yannis Velitsikakis is Product Manager at Obrela

Image: Ideogram

You Might Also Read: 

SCADA Is Dead, Or Is It?:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« What Can Be Done About Cyber Threat Actors Weaponizing AI?
The NCSC Appoints A New Chief »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

Netsurit

Netsurit

Managed IT, Cloud, and Security Services. Netsurit is Your IT Innovation and Digital Transformation Accelerator.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.