Some Expert Predictions For Industrial Cyber Security

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Manufacturing, TECHNOLOGY-Key Areas-Internet of Things

Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. Most commercial and critical infrastructure industrial organisations are underprepared for the digital convergence of their Information Technology (IT) and Operational Technology (OT)  environments.

ICS operators need to get a robust cybersecurity program in place, and fast. IT and OT, with the adoption of Industrial Internet of Things (IIoT), are rapidly changing and converging. As they evolve, hackers search for new attack vectors and new attack surfaces to compromise. So, what does all this mean for your organisation and for industrial cybersecurity? 

Here are seven  predictions about what the cyber security experts at Tenable, the leaders in industrial control systems at Belden and the researchers from  IBM/ Ponemom think that  industry faces this year, along with recommendations for how you can prepare your organisation. First, though, let’s look at the industry changes influencing our predictions.

Background Perspective
Air gapping used to be a sufficient way to protect networks and devices. Today, it’s impossible to ignore that your mission-critical and industrial processes are vulnerable to intrusion and disruption. A 2019 Report from Ponemon Institute found that 90% of respondents with OT infrastructure said they suffered at least one damaging IT or OT cyberattack in the past two years. Attackers hit nearly two-thirds of them at least twice. 

Because of these increasing attacks, many industrial and critical infrastructure organisations are investing in ways to secure their OT infrastructure in addition to their IT infrastructure. 

Many industrial devices are running older, highly-vulnerable versions of Windows that have not been hardened or patched. Operators often feel that they can’t take these systems down for routine maintenance to improve security because they are critical for the overall operation of the plant or service. There’s also the concern that an upgrade/update might interrupt operations. In some cases, security vulnerability scans typical in IT environments are too disruptive to use in OT environments. 

In fact, many ICS environments may still have specialised industrial protocols and equipment that don’t use TCP/IP (the most common communication protocol for IT networks and security tools). 

Seven Future Predictions

1. Technology convergence will open up new attack vectors
The convergence of IT, OT and the adoption of IoT will accelerate at an unprecedented pace in the next few years. The boundaries between them will continue to dissolve. This new reality will create new attack surfaces and attack vectors your team should monitor and defend. 

OT systems, which are characterised by a wide range of legacy, proprietary and non-standard protocols and interfaces, will enable an abundance of attack options even as it becomes increasingly difficult to protect them. 

Recommendation: Whether or not you air gap your industrial control systems, OT-based attacks are a real and present danger. The mantra of “set it and forget it” is not an adequate way to administer OT environments. Early detection of OT threats will require continuous monitoring at the network and device level. 

2. OT-to-IT attacks will be reality
While lateral attacks that gain a foothold in IT and spread to OT networks have been well documented in the past 24 months, soon we will see the emergence of OT-to-IT attacks. For example, we can expect attacks that intentionally compromise ICS devices in OT networks to gain access to IT networks and assets such as customer databases. 

Attackers will target OT environments because traditionally they are not as well defended as IT systems. That makes them a path of least resistance for attackers looking to target IT data repositories.

Recommendation: Create cooperation between IT and OT security and promote information sharing to detect these attacks. Also, leverage device integrity to identify problems at the device level and stop attacks before they spread across the network.

3. Attacks will expose weak links in OT security
In their search for the path of least resistance, attackers will target OT infrastructures such as branches or remote locations for large organisations. Typically, these remote/smaller sites connect to a larger OT network and, in the case of energy providers, to regional grids. They also tend to have the lowest defenses and are most vulnerable to attack. As a result, attackers will seek to compromise a remote site, or even a small energy provider, hoping to create a cascading impact.

Recommendation: To avoid disruption of mission critical operations and lateral IT data-gathering invasions, pay equal attention to checking OT infrastructure at branch and remote locations as you do to your primary sites. Attackers can exploit these remote locations to launch backhaul attacks into headquarters or partner sites.

4. The definition of critical infrastructure will broaden
The traditional perception of critical infrastructure will dramatically expand beyond energy grids to include more non-traditional targets. We can expect mainstream identification of critical infrastructure to include industries such as building management systems, transportation and logistics, heavy construction equipment, food and beverage supply chains and others. Expect more widespread recognition of the US Department of Homeland Security 16 critical infrastructure sectors. In addition, because 2020 is a presidential election year in the US, election system security will be front-of-mind.

Recommendation: Infrastructures labelled as non-critical, too small or too isolated, previously not considered targets, will now require protection and monitoring. 

5. Cloud-based ICS-as-a-Service will gain broad acceptance 
Organisations will recognise the cloud as a reliable means to deliver OT security to locations where it’s not practical or feasible for a physical deployment. Cloud-delivered OT security follows the same objection/acceptance trajectory as other technology infrastructure building blocks: on-premises CRM versus a Software-as-a-Service cloud-based tool like Salesforce, local versus online antivirus and, more recently, host- versus cloud-based endpoint detection and response (EDR).  

Recommendation: Consider cloud delivered OT security alternatives for remote or distributed locations that currently lack controls as vigorous as those at your primary installations.

6. IT will have a bigger ownership role in collaborative security 
In next year most industrial organisations will recognise security must be a shared responsibility between OT and IT teams. 
With the advent and growing awareness of both internal and external security threats, collaboration between IT and OT teams has steadily increased over the past 24 months. While OT teams have traditionally objected to IT intervention in ICS networks, we expect to see IT teams leverage their decades of experience to lead OT security. 
We predict IT teams will collaboratively set guidelines for OT security projects, with critical support and input from OT teams.

Recommendation: Because an IT security approach differs significantly from OT security priorities and challenges, organisations will need a melding of the two approaches. Adopt best practices from both IT and OT security protocols to develop a new architecture optimised for visibility, security and control.

7. The cyber skills gap will spread to OT
By 2022, ISC2 predicts there will be 1.8m unfilled OT security jobs, on top of the current global IT security skills shortage (more than 4 million unfilled positions). 

In the year ahead, we predict the combined OT-IT skills gap will create new risks: an organisation’s existing personnel may lack requisite IT and OT cross-security skills and qualified candidates for new roles will be scarce. 

Tenable:      Belden:      IBM:        Tenable:

You Might Also Read:  

Cyber Skills Shortages Stands At Four Million:

AI And IoT Have Created The AIoT:

 

 

« GDPR's Impact In The US And Globally
British CEOs Worry About Cyber Attacks While Their Businesses Are Under-Insured »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

Netlawgic Legal Services

Netlawgic Legal Services

Netlawgic is exclusively focused on delivering cyber law solutions to the industry. We provide our clients with specialized attention and problem solving in all aspects of cyber law.

Ten Eleven Ventures

Ten Eleven Ventures

Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.