There has been an unprecedented spike in ransomware attacks against Operational Technology (OT) networks over the last year and a half. While this rise has garnered a lot of attention, it was something that industry analysts had been anticipating for some time.
Attacks on that infrastructure were on the horizon; now they are a reality, and this period will continue as OT networks become more integrated with IT infrastructure. Driven by the need to increase business profitability and efficiency, companies have embraced hyper-connectivity. The primary challenge now is to make those connections more secure. Chief Information Security Officers (CISOs) need to take measures in this new reality to strengthen the security posture of their OT environments.
Here are recommendations every CISO should consider:
Broadening the scope of risk governance to cover every cyber-physical asset
This encompasses all components of the Industrial Internet of Things (IIoT), Industrial Control Systems (ICS), and enterprise IoT. Naturally, this is difficult for many firms, because simply identifying such assets is hard, and it is a process that may require several iterations. Fortunately, the cybersecurity sector has made enormous technological progress in recent years, enabling organizations to rapidly find such assets and assess their exposure, risk, and weaknesses.
Ensuring IT and operational networks are correctly segmented
Many business processes and applications require communication across the IT/OT divide, and organizations need to ensure that this occurs securely. This straightforward step is frequently overlooked, but it should not be. In addition to IT/OT segmentation, it is essential to implement virtual segmentation within the OT environment, which will aid in detecting lateral movement within the OT networks. Finally, if remote activities require direct access to OT networks, this must be accomplished via a secure remote access connection with controls on users, devices, and sessions.
Maintaining proper cyber hygiene
Organizations must ensure that their hygiene extends to OT and IoT devices. This involves the use of strong passwords (and avoiding the habit of sharing passwords between users, which is prevalent in industrial processes), a password vault, and multi-factor authentication. Certain operations, such as patching legacy systems, may be more difficult or even impossible. If this is the case, determine and install compensating controls such as firewall rules and access control lists.
Implementing a robust system monitoring program
This includes monitoring for threats in both IT and operational technology networks and in anything that crosses that boundary. Agentless solutions interact seamlessly with both OT and IT systems and workflows and enable IT and OT teams to collaborate on OT environments. These solutions are purpose-built for constant threat monitoring across the OT network and can be implemented quickly. Working from the same collected data, IT and OT teams can take specific steps to manage and reduce the risk from both known and as-yet-undiscovered threats.
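The segmentation, compensating-control and monitoring recommendations above all reduce to one question a defender can actually check: does observed traffic match the zone policy? The following is an added example (not code from the original article or any vendor product) that audits a batch of flow records against a hypothetical three-zone IT / OT-DMZ / OT-control layout. The address ranges, the allow-list entries and the sample flows are all constructed for illustration; a real deployment would derive the zone map from the asset inventory and the allow-list from the firewall rule base and ACLs used as compensating controls. It flags cross-zone traffic that is not explicitly permitted (including IT reaching the control network directly instead of via the DMZ), admin/remote protocols between control hosts as a lateral-movement indicator, and endpoints that fall outside any inventoried zone.

```python
"""Segmentation and lateral-movement audit over flow records (added example).

Assumes a Purdue-style three-zone layout with constructed addresses and a
hypothetical allow-list; none of these values come from the article.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zone map: enterprise IT, an OT DMZ that brokers IT/OT traffic,
# and the control network itself.
ZONES = {
    "IT": ipaddress.ip_network("10.0.0.0/16"),
    "OT_DMZ": ipaddress.ip_network("10.1.0.0/24"),
    "OT_CONTROL": ipaddress.ip_network("192.168.10.0/24"),
}

# Hypothetical allow-list of (src_zone, dst_zone, proto, dst_port).
# Any cross-zone flow not listed is a segmentation violation. A direct
# IT -> OT_CONTROL entry is deliberately absent: traffic must traverse the DMZ.
ALLOWED_CROSS_ZONE = {
    ("IT", "OT_DMZ", "tcp", 443),          # historian / web front end in the DMZ
    ("OT_DMZ", "OT_CONTROL", "tcp", 502),  # Modbus/TCP polling from the DMZ collector
    ("OT_CONTROL", "OT_DMZ", "tcp", 443),  # control hosts push data up to the DMZ
}

# Admin / remote-access protocols between two control-network hosts are a
# classic lateral-movement indicator even though same-zone traffic is
# otherwise permitted.
LATERAL_MOVEMENT_PORTS = {("tcp", 445), ("tcp", 3389), ("tcp", 5985), ("tcp", 22)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Finding:
    flow: Flow
    src_zone: str
    dst_zone: str
    reason: str


def zone_of(addr: str) -> str:
    """Map an address to its zone; UNKNOWN means it is not in the inventory."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "UNKNOWN"


def audit_flows(flows):
    """Return a Finding for every flow that breaks the zone policy."""
    findings = []
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        key = (f.proto.lower(), f.dst_port)
        if "UNKNOWN" in (sz, dz):
            findings.append(Finding(f, sz, dz, "endpoint outside inventoried zones"))
        elif sz != dz:
            if (sz, dz, *key) not in ALLOWED_CROSS_ZONE:
                findings.append(Finding(f, sz, dz, "cross-zone flow not in allow-list"))
        elif sz == "OT_CONTROL" and key in LATERAL_MOVEMENT_PORTS:
            findings.append(Finding(f, sz, dz,
                                    "admin protocol between control hosts (possible lateral movement)"))
    return findings


# Constructed sample flows, as a firewall or network sensor might export them.
SAMPLE_FLOWS = [
    Flow("10.0.5.20", "10.1.0.10", "tcp", 443),          # IT -> DMZ web: allowed
    Flow("10.1.0.10", "192.168.10.50", "tcp", 502),      # DMZ -> PLC Modbus: allowed
    Flow("10.0.5.20", "192.168.10.50", "tcp", 502),      # IT -> PLC directly: violation
    Flow("192.168.10.20", "192.168.10.21", "tcp", 445),  # SMB between control hosts
    Flow("192.168.10.20", "192.168.10.50", "tcp", 502),  # engineering ws -> PLC: normal
    Flow("10.0.5.20", "172.16.3.9", "tcp", 3389),        # destination not in inventory
]


def main():
    for fnd in audit_flows(SAMPLE_FLOWS):
        print(f"{fnd.src_zone}->{fnd.dst_zone} {fnd.flow.src}->{fnd.flow.dst}:"
              f"{fnd.flow.dst_port} {fnd.reason}")


if __name__ == "__main__":
    main()
```

Running the script prints three findings: the IT host talking Modbus straight to a PLC, SMB between two control-network hosts, and a flow to an address no zone claims. The last category is as useful as the first two; an address that belongs to no inventoried zone is exactly the gap the asset-discovery step is meant to close. Feeding real flow exports through the same check, on a schedule, turns the segmentation policy from a diagram into something that is continuously verified.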
Conducting drills to test the incident response plan
Conducting mock ransomware attacks can assist in assessing organizational and technological preparedness. This enables organizations to develop an enhanced incident response strategy and increases confidence in their preparation for, and resilience to, such attacks.
Ransomware attacks are wreaking havoc on pipelines, processing plants, and food distribution. And while none of these attacks appear to have directly affected the OT environment, it is only a matter of time. With proper knowledge and tools, organizations can alter this trend. By taking a few simple, foundational steps, security leaders can reduce the risk of ransomware to industrial environments.