The divide between IT and OT security needs to be overcome by adopting technologies that address both, as well as improving team communication and collaboration. Businesses, however, need to keep up with the upsurge in threats – a race that no human can win on their own.
Over a decade ago, when a cyber-attack allegedly affected nuclear centrifuges at Natanz, cyber-threats to industrial control systems (ICS) were still a rare occurrence. This attack was highly complex, including the resources and intelligence of nation-state actors, and was a long cry from the hacking script novices do.
Cyber-attacks on ICS have grown in volume and variety over the last decade. In fact, according to Kaspersky’s recent research “Threat landscape for industrial automation systems – Statistics for H1 2021”, malicious activity targeted one-third of industrial control systems (ICS) in the first half of 2021.
The impact on Society and Businesses
This trend has a significant impact. Potential financial losses and stolen data, as well as societal upheavals and hazards to human safety, are all on the line. In fact, the Colonial Pipeline attack was only a sliver of the economic and societal havoc that these attacks are capable of wreaking. The breach was particularly alarming because the operational technology (OT) appeared to be not the target of the attack. Because it was impossible to detect if OT had been compromised after IT had been infected, the company elected to shut down its OT environment manually.
Also Read: Cybersecurity in the Post-Pandemic World: Re-thinking Long-Term IT and Security strategies
Increasing Industrial Control System attacks
The rise in these attacks can be attributed to a number of factors. For starters, these attacks are no longer limited to nation-states with geopolitical goals. These attacks are increasingly being carried out by cybercriminals for monetary gain.
ICS attacks are on the rise as a result of the convergence of OT and IT, which exposes industrial environments with legacy technologies to the internet. This is illustrated by the fact that in 2021, internet-based threats were greatly outnumbering removable media and email attacks among compromised ICS systems.
The ‘air gap’ between OT and IT is becoming increasingly obsolete. Attempting to retain it, however, prevents companies from embracing connected technologies like IIoT and remote access capabilities, which vastly improve industrial process efficiency and safety. As a result, while IT-OT convergence broadens the threat surface, it also allows companies to preserve a competitive advantage or simply stay in the game.
Even if there is no stated convergence, interdependence between IT and OT systems is sufficient to encourage an organization it to manually shut down OT in the event of an IT compromise. OT systems are usually safety-critical, and unless the business can demonstrate that OT is unaffected, shutting down to reduce risk is a good rationale.
Furthermore, even if a company can demonstrate that its OT is unaffected, undetected points of IT-OT convergence are fairly common.
What does the future look like?
More cyber-attacks will either make their way into OT via IT or go straight for the kill and target OT. Claroty’s “Biannual ICS Risk & Vulnerability Report: 1H 2021” discovered that ICS vulnerabilities increased by 41% in the six months leading up to August. 61 percent of them could be remotely exploited, and 66 percent could be exploited without any user interaction. Furthermore, nearly three-quarters of vulnerabilities (74%) did not necessitate special privileges.
Though this is alarming, mapping and patching these vulnerabilities is a time-consuming task. Over one-fifth of reported common vulnerabilities and exposures (CVEs) do not include a patch, making vulnerability management workflows a process of diminishing returns.
Also Read: Five Strategies for Addressing DDoS Attacks
How Should Businesses Respond?
Enterprise security (IT) is increasingly becoming intertwined with industrial security (OT). Using a siloed approach to defend OT in an isolated capacity is no longer acceptable. As a result, a comprehensive industrial security strategy must protect both ‘IT in OT’ and the rest of the company network, including email and cloud systems. And this protection has to be seamless. There is no time for an OT security tool to digest notifications from an IT security tool because attacks can spread quickly.
Fortunately, self-learning artificial intelligence (AI) technology is capable of comprehending the entire cyber-ecosystem, from corporate laptops and servers to HMIs and PLCs in industrial settings. Because of this visibility, AI is able to stop threats in IT before they spread to OT.
For more such updates follow us on Google News ITsecuritywire News