Increased connectivity has led to an expansion of the cyber attack surface. With the IT/OT convergence, threat actors are starting to exploit vulnerabilities within IT networks to gain a foothold in Operational Technology (OT) environments. OT is a crucial, under-secured aspect of today’s business. Most Critical National Infrastructure (CNI) operations rely on OT and nation-states are increasingly targeting them not just for political or financial reasons but because their outdated systems make them an easy target.
Failure to secure OT environments can negatively affect organisations of all sizes because OT systems and networks are essential to their operations and to human safety. A good example is the attack on Colonial Pipeline last year. This incident essentially shut down the entire operation of a national fuel supply, leaving some states in the eastern United States without essential services and causing a domino effect in other areas of the local economy. Furthermore, the objective of the Florida water treatment facility hacking was potentially to poison an entire municipality’s drinking supply, but its operations team caught it in time, preventing what could have been a disaster. While many IT experts are well equipped to deal with constant threats to their infrastructure, OT environments require a more specific understanding, meaning organisations often do not spot an attack until it is too late.
IT refers to everything a company has on its network, including crown jewels and sensitive information. These are things that organisations continuously strive to protect either as a business advantage or for regulatory compliance efforts. OT, on the other hand, includes everything a company needs to run its operations, from oil refinery equipment to vessel engines and assets that keep people safe in their work environment.
Even though, in many cases, operational teams have established processes for installing and maintaining operational equipment, the technology often evolves without being properly implemented, making it more challenging to secure, particularly once it becomes outdated. Because OT has traditionally been less connected, operations teams tend to lack the right resources to implement security across their assets. Threat actors have begun exploiting this security gap by finding their way onto networks via connected Industrial Internet of Things (IIoT) devices and attacking OT technology precisely because organisations lack the required visibility over these assets.
Although IIoT undeniably makes it easier to manage remote operations and to computerise or automate processes, it also comes with an elevated level of risk. Cyber-attacks are intensifying, specifically targeting IIoT and OT. Even a simple attack can shut down entire production plants and disrupt business operations. Companies must evolve along with the cyber threat landscape to keep up with the constant change in the systems and devices connecting to the internet. They must implement measures on new builds or operational systems as safely and effectively as possible, without impacting or limiting operations, employees’ wellbeing and safety, or the business.
Virtualisation and Cloud have proven to help IT governance and visibility but it’s different for OT. Simply put, an organisation’s OT assets are the largest attack surface. The issue arises when OT digital assets can’t be tracked. Many enterprises have a profile of their IT assets; however, they can’t track their OT devices.
Conducting an audit to find vulnerabilities is critical because these are the main exposure points to threats like ransomware. Asset discovery services help solve this problem. However, sometimes logs alone are not enough: over time, applications, systems and logs stay the same, while threat actors find new ways to bypass security, sometimes using the most innocent-looking tactics.
Understanding where critical information lies, or may be at risk, is key not only to meeting compliance guidelines but also to implementing a robust OT cybersecurity program. Once asset management is in place, organisations should determine which vulnerabilities exist on those assets. Once identified, these vulnerabilities must be prioritised so that appropriate remediations can be applied.
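The sequence described above (inventory first, then vulnerabilities per asset, then prioritisation and remediation) is easier to reason about with a concrete scoring rule. The following Python is an added example, not code from the original article or from any vendor it mentions. The inventory, the finding records, the `CVE-XXXX-*` identifiers and the additive weights for "reachable from IT", "known exploit" and "safety-relevant" are all constructed assumptions chosen to illustrate OT-specific prioritisation; a finding on an asset that is missing from the inventory is deliberately held back, because, as the article notes, untracked OT devices cannot be assessed until discovery has found them.

```python
"""Prioritise vulnerability findings against an OT asset inventory.

Added illustrative example, not from the original article. All assets,
findings, identifiers and weights below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str                 # PLC, HMI, historian, engineering workstation ...
    safety_relevant: bool     # part of a safety function (interlocks, SIS)
    reachable_from_it: bool   # a network path exists from the IT side


@dataclass(frozen=True)
class Finding:
    asset_id: str
    vuln_id: str              # placeholder identifier, not a real CVE
    cvss: float               # CVSS base score, 0.0 - 10.0
    exploit_known: bool       # public exploit or active exploitation reported


# Constructed inventory. "hist-01" has a finding but no inventory record,
# which models an OT device the organisation is not tracking.
INVENTORY = {
    "plc-01": Asset("plc-01", "PLC", safety_relevant=True, reachable_from_it=False),
    "hmi-01": Asset("hmi-01", "HMI", safety_relevant=False, reachable_from_it=True),
    "ews-01": Asset("ews-01", "engineering workstation",
                    safety_relevant=False, reachable_from_it=True),
}

FINDINGS = [
    Finding("hmi-01", "CVE-XXXX-0001", 9.8, exploit_known=True),
    Finding("plc-01", "CVE-XXXX-0002", 7.5, exploit_known=False),
    Finding("ews-01", "CVE-XXXX-0003", 5.3, exploit_known=False),
    Finding("hist-01", "CVE-XXXX-0004", 8.1, exploit_known=True),  # untracked asset
]


def priority_score(asset: Asset, finding: Finding) -> float:
    """CVSS base plus OT context (assumed weights).

    A known exploit and a path from IT raise likelihood; a safety function
    raises impact, which a plain CVSS score does not capture.
    """
    score = finding.cvss
    if finding.exploit_known:
        score += 2.0
    if asset.reachable_from_it:
        score += 2.0
    if asset.safety_relevant:
        score += 3.0
    return score


def tier(score: float) -> str:
    """Map a score to a priority tier (thresholds are assumptions)."""
    if score >= 12.0:
        return "P1"
    if score >= 8.0:
        return "P2"
    return "P3"


def remediation(asset: Asset, priority: str) -> str:
    """Remediation path that respects OT change constraints."""
    # Safety-relevant equipment is not patched ad hoc: apply a compensating
    # control now and schedule the patch for the next planned outage.
    if asset.safety_relevant:
        return "compensating control now; patch in next planned outage"
    if priority == "P1":
        return "patch in next emergency change window"
    if priority == "P2":
        return "patch in next scheduled change window"
    return "track; patch with routine maintenance"


def prioritise(inventory, findings):
    """Return (ranked findings, asset ids missing from the inventory).

    Findings on unknown assets cannot be scored: discovery must run first.
    """
    ranked, unknown = [], []
    for f in findings:
        asset = inventory.get(f.asset_id)
        if asset is None:
            unknown.append(f.asset_id)
            continue
        score = priority_score(asset, f)
        t = tier(score)
        ranked.append({"asset": asset.asset_id, "vuln": f.vuln_id,
                       "score": score, "tier": t, "action": remediation(asset, t)})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked, unknown


if __name__ == "__main__":
    ranked, unknown = prioritise(INVENTORY, FINDINGS)
    for r in ranked:
        print(f"{r['tier']} {r['score']:>5.1f} {r['asset']:8} {r['vuln']:15} {r['action']}")
    for a in unknown:
        print(f"UNKNOWN {a}: not in inventory, run discovery before scoring")
```

The point of the added context weights is that an internet-facing HMI with a known exploit outranks a higher-CVSS finding on an isolated controller, while a finding on a safety-relevant PLC still ranks above routine workstation issues and gets a compensating control rather than an unplanned patch. Any finding on an untracked asset surfaces as a discovery gap rather than silently dropping out of the ranking.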
Third-party Managed Security Service Providers (MSSPs) can help IT and OT departments to identify and prioritise vulnerabilities so organisations can schedule patching in a way that facilitates business continuity. This also provides internal teams with valuable time and insight into their IT and OT controls, helping combat emerging threats. While finding a reliable partner can be challenging, the right MSSP can help reduce the likelihood of an OT incident and protect, defend and mitigate in case of an attack.