Industrial Operating Technology Faces An Urgent Challenge

Are industrial control systems the new battlefield in the rising geopolitical tensions between nations? In May, ten cybersecurity agencies including the FBI, the NSA and the UK National Cyber Security Centre issued a joint report warning of a wave of pro-Russian attacks against industrial control systems (ICS) that target sectors such as water and wastewater services, energy, dams and food and beverage.

As a result, those working in OT operations need to be a step ahead of the threats. 

This new report confirms a lingering trend: while they remain less common than attacks on the IT side, OT-specific attacks can no longer be ignored. According to a recent report by Palo Alto Networks, 76% of organisations reported cyberattacks against their OT environments in the past twelve months, three-quarters of which said these attacks had become frequent.

Three Basic Actions To Take Today

The report offers three “actions to take today” for organisations looking to address the most common issues.

  • First, the agencies ask industrial organisations to ensure that the default passwords of all Operational Technology (OT) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs) are changed to strong, unique passwords.
  • Third, and most importantly, organisations should get a clear picture of which OT devices are connected to the Internet and limit their exposure. In recent years, attackers have commonly exploited remote desktop tools, such as virtual network computing (VNC) software, which gives them access to insecure industrial control systems.

Lack Of OT Visibility As A Major Contributing Factor

While necessary, these three recommendations present one major challenge and one major limitation for organisations attempting to strengthen their OT cybersecurity.

Their main limitation is that they focus solely on preventing outside intrusion. OT cyberattacks, however, are not only the work of “hacktivists” or foreign cyber-criminals. Among attack vectors, insider threats, which originate from an employee, contractor or other person within the organisation, rank as a close third behind malware and ransomware. The challenge, therefore, is not only to prevent unauthorised access but also configuration changes by an individual with legitimate credentials, whether by malice or by mistake, across the company’s vendors.

In addition, many organisations lack the needed levels of visibility into their OT environments to ensure that the agencies’ recommendations are uniformly followed and struggle to map connections between the OT environment and the public-facing Internet. 

In its 2023 “Year in Review,” cybersecurity company Dragos thus found unknown external connections—from OEMs, IT networks, or the Internet—to the OT network in 46% of its service engagements. In addition, 61% of organisations had very little or no visibility into their OT environment, which further complicated the detection and remediation of cyberattacks.

A Three-step Approach To OT Cybersecurity Maturity

Addressing this lack of visibility over entry points and inventory is therefore critical to strengthening a company’s cybersecurity maturity: As the cybersecurity adage goes, you cannot protect what you cannot see.

This first step must help organisations answer some fundamental questions: How do I know what OT assets I have? How are they connected? What are they communicating with? Answering these questions is a prerequisite to developing effective vulnerability and risk management and understanding potential attack vectors.

Crucially, this inventory should not stop at non-proprietary systems, such as Windows machines and routers, but aim to provide a full view of their operations, including heterogeneous, proprietary control systems such as DCSs and PLCs. In addition, organisations should ensure that they take steps to automate this inventory process to keep it evergreen, rather than the common practice of manually maintaining a spreadsheet or database that will lead to stale, erroneous or missing data, leaving them vulnerable to OT threats

With this inventory in place, organisations can take multiple steps listed in the report to “limit the adversarial use of common vulnerabilities”, such as reducing risk exposure by reviewing Internet-accessible assets, cross-referencing the company’s inventory with a database of vulnerabilities, such as the NIST’s National Vulnerability Database, and prioritising steps to mitigate vulnerabilities.

Lastly, once detailed and accurate OT asset inventory and operational vulnerability management processes are in place, the final stage of maturity is to enable capabilities for comprehensive OT security baselines, configuration management, policy management and workflows. These capabilities address both external attacks and insider threats and help with the detection, mitigation and remediation of the breach.

Automating & Prioritising To Make The Most Of Scarce Resources

This journey may seem daunting to many organisations, given their lack of resources and expertise in OT cybersecurity. 

Last year, a report by the ENISA, the EU’s cybersecurity agency, found that 76 % of the organisations running important and critical infrastructure did not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity, and less than half had an allocated budget for it. So, how can organisations square the OT cybersecurity circle with such limited resources? 

The first step is sourcing the right expertise - internally or from partners- and leveraging the tools that cybersecurity agencies provide to help organisations develop their maturity. A second area of focus is adopting tools that support automation and prioritisation to help organisations make the most of their limited resources and get a clear sense of where they should place their efforts. 

These tools should help the organisation phase out manual approaches for risk identification, prioritisation and remediation. With cyberattacks growing in numbers and sophistication, relying on manual processes, often carried out by overstretched resources, puts industrial organisations at risk. 

Edgardo Moreno is Executive Industry Consultant, Asset Lifecycle Intelligence Division with Hexagon

Image: Andrey Popov

You Might Also Read:

Cyber Insurance For Industrial Companies - Its Complex:

DIRECTORY OF SUPPLIERS - Cyber-Physical Systems Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Navigating cloud security: The importance of posture management tools
Artificial Intelligence Is Changing Education  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

MPC Alliance

MPC Alliance

The mission of the MPC Alliance is to accelerate adoption of MPC (Multi-Party Computation) technology.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.