Managing Operational Technology (OT) Security


A breach of OT and cyber-physical systems can have catastrophic consequences on the operations of any organization. In recent years, OT security outages have greatly impacted enterprise environments.

In any company, the Operational Technologies usually consist of hardware and its managing software. This is more so in industrial, manufacturing, and physical engineering companies.

Once OT is connected to a network, the risk of a cyber security outage increases. Such an outage is as dangerous as any cyber-attack because it can lead to downtime or loss of data.

Importance of Operational Technology (OT) Security

The impact of an OT security attack can be far-reaching since it can bring a company to a grinding halt. For enterprises, it is mostly manufacturing or heavy engineering environments that can face an OT outage.


According to a new Fortinet report on OT organizations, “75% of those responsible for OT security say their organization experienced at least one OT system intrusion incident in the last year, with 32% experiencing a ransomware attack. 32% of these cyberattacks targeted both OT and IT systems.”

Reasons for OT Security Risks

Traditionally, many giant manufacturing companies and organizations have chosen not to upgrade their operational technology, citing concerns about system instability.

In most enterprises that rely on operational technologies, upgrades are carried out only when absolutely necessary. Companies invest in upgrades only when there is a need to increase the productivity of the machines; only then do they modernize or upgrade the technology or its functionality.

There could be many reasons for this. Primarily, there are costs involved because larger operational technology hardware is expensive. So most go with the idea of working the equipment as long as possible.

When the upgrade does happen, it is usually due to wear and tear or age-related faults. A technology that produces consistent results is invaluable, especially when physical processes are involved.

As a result, organizations frequently adhere to the “if it is not broken, don’t fix it” principle.

The legacy environment thus established is a sitting duck for OT cyber-attacks. It is more probable that hackers will find and attack an organization that has not upgraded its operational technology.

Managing OT Security

Organizations must implement OT cybersecurity best practices to deal with the security risks of OT environments.

The biggest threats may come from the operators, contractors, and vendors connecting remotely to their networks.

This is a huge security risk. Enterprises should know who (identity) is doing what on their network, from which device, and when. This will help them protect their OT from cyber risks. OT security should include complete, granular access control, whether for an employee or a vendor, on-site or remote.


Here are four ways to protect operational technology environments from cyber threats.

1. Implement a Zero Trust Framework

To secure any network, companies need to thoroughly assess every connected user and device. They should be aware of what data each one is attempting to access.

This needs to be a basic premise of all security frameworks. To embrace zero trust throughout your OT network, implement the following security controls:

  • Implement network segmentation: Allow application access independent of network access. This includes allowing contractors and vendors to access only the applications and systems they require without requiring complicated firewall configurations or VPNs.

Networks could be the single biggest source of vulnerabilities. Protecting network access points is critical. Many companies do not allow remote access to OT for this purpose.

Only the team needing to work on repair or upgrade should have this privileged access. Segmentation of network access is thus an important part of the zero-trust framework.

  • Provide application-level micro-segmentation: It keeps users from discovering applications they cannot access. This step protects the environment from malicious insiders, external threat actors, and human errors. These are, apparently, a leading cause of breaches and system downtime.
  • Create a centralized point of visibility and access: The software or dashboard that controls the visibility of all processes in the OT environment should be available only to select leadership. The transparency and visibility of the process need not be available to all. There should be an extremely stringent policy on who gets to access what visibility in the OT platforms. This will protect them to a certain extent from prying eyes and malicious intent.
  • Exercise granular control over sessions: Enforce least-privilege access and limit the commands that can be executed by the identity/user. Each function on every platform or machine should have specific access control. Each session within each function must also be monitored for the period the access has been granted.

Access control should also include monitoring the changes that can be made to the processes by users with this entry point.

An extremely granular access rights approach will help keep various lines secure.

  • Implement API Security: Protecting APIs is critical for ensuring data integrity between IoT devices and back-end systems. Only authorized devices, developers, and apps should be able to communicate with certain APIs.

The security of these APIs is also critical. Any breach or leak in the APIs will enable unauthorized access and entry into the system. A single such breach or entry can bring down an entire operations environment. So this is something enterprises need to take very seriously.

2. Allow Remote Access Tools Only for Authentic Users

There are many instances when plant operators need to access the OT platforms remotely.

The pandemic was one such time when almost all operations were performed remotely.

While IoT devices and AI-based tools make this possible, remote access requires almost complete availability of every functionality. Digital access to workers can ensure zero downtime. However, it will also increase the risk of unauthorized functions in the environment.

This remote access will defeat the zero-trust security policy unless the access levels are clearly defined.

Enterprises working this way must be clear on their access policies and network tools.

VPNs are adequate for providing basic remote employee access to non-sensitive systems. However, they lack granular access controls, visibility, scalability, and cost-effectiveness; these attributes are critical for third-party and remote worker access to OT/IoT devices.

They cannot enforce granular least privilege access or session monitoring/management. Unfortunately, these functionalities are critical to secure and oversee privileged user access. So, using VPNs for remote operating in OT environments may not be very safe from a cyber-security point of view.

3. Ensure IT Threats Don't Overflow into the OT Environment

Most organizations’ policies and service agreements for managing IT systems do not apply to the operational technology environment. This results in a security and management gap.

Managing security and risk in OT environments is not as simple as transferring IT security best practices to the OT system.

When protecting the most sensitive environments, it is not safe to rely on consumer-grade remote access/support and other similar solutions.

In the IT industry, software is used only for a few years before it is upgraded to stay current with patches and the like. In some OT environments, legacy systems may be in place for 20-25 years. This leads to outdated, diverse endpoints with no patches or updates.

Also, organizations must develop solutions and strategies to secure their OT environments based on their unique requirements. There are no one-size-fits-all OT platforms.

In the digital age in which enterprises function today, IT and OT environments converge at several points. Software-defined applications and networks are now imperative for OT as well. This becomes a huge risk area. The risks that IT faces, such as network breaches and ransomware threats, will be transferred to OT as well.

More critically, OT environments also store data as they take the software path. This is particularly true of OT that uses AI or ML tools. This data becomes vulnerable the moment there is external access to the platform.

So, for the sake of a secure OT environment, companies need a clear demarcation between these two environments. They need secure APIs and zero trust access control wherever there is a crossover.

4. Implement Strong Privileged Identity and Credential Management Practices

Password misuse is common in OT environments and is a leading cause of breaches. Credentials are often shared internally and externally, with unrestricted access to all network devices and segments.

Implement strong governance over access to privileged account passwords and SSH keys. This will help reduce the operational risks associated with credential compromise. Implement an enterprise-grade privileged credential management solution. This is the way forward to gain complete control over system and application access via live session management.

It also enables administrators to record, lock, and document suspicious behavior while locking or terminating sessions. Such a solution should eliminate default and embedded passwords and place them under active, centralized control.
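The granular session control described under the zero trust framework and the live session management described in this section can be combined in one broker. The following is an added example, not the article's own or any vendor's code, of a toy privileged-session broker: every identity/asset pair has an explicit command allow-list, sessions are time-boxed, a disallowed command terminates the session, and every decision is written to a central audit trail. The policy, identities, asset names and commands are constructed for illustration.

```python
# Added example (not from the article): toy privileged-session broker enforcing
# per-identity, per-asset command allow-lists, time-boxed access and an audit trail.
from datetime import datetime, timedelta, timezone

# Constructed policy: which identity may run which commands on which OT asset.
POLICY = {
    ("vendor-acme", "plc-line3"): {"read_status", "read_logs"},
    ("maint-ops", "plc-line3"): {"read_status", "read_logs", "update_firmware"},
}

class SessionBroker:
    def __init__(self, clock):
        self.clock = clock      # injected time source so the scenario is deterministic
        self.sessions, self.audit = {}, []

    def open_session(self, identity, asset, minutes):
        if (identity, asset) not in POLICY:     # no policy entry means no access at all
            self.audit.append((identity, asset, "open", "denied: no policy"))
            raise PermissionError(f"{identity} has no access to {asset}")
        sid = f"{identity}@{asset}#{len(self.sessions) + 1}"
        self.sessions[sid] = {"identity": identity, "asset": asset,
                              "expires": self.clock() + timedelta(minutes=minutes),
                              "terminated": False}
        self.audit.append((identity, asset, "open", f"granted {minutes}m"))
        return sid

    def execute(self, sid, command):
        s = self.sessions[sid]
        if s["terminated"]:
            verdict = "denied: session terminated"
        elif self.clock() > s["expires"]:
            s["terminated"], verdict = True, "denied: session expired"
        elif command not in POLICY[(s["identity"], s["asset"])]:
            s["terminated"], verdict = True, "denied: command not allowed"  # kills the session
        else:
            verdict = "allowed"
        self.audit.append((s["identity"], s["asset"], command, verdict))   # every attempt is logged
        return verdict

def demo():
    """Deterministic scenario; returns the verdicts and the audit-trail length."""
    now = [datetime(2024, 1, 1, tzinfo=timezone.utc)]
    broker = SessionBroker(lambda: now[0])
    sid = broker.open_session("vendor-acme", "plc-line3", 30)
    out = [broker.execute(sid, "read_status"), broker.execute(sid, "update_firmware"),
           broker.execute(sid, "read_logs")]            # third call: session already terminated
    sid2 = broker.open_session("maint-ops", "plc-line3", 10)
    now[0] += timedelta(minutes=11)                      # let the second session expire
    out.append(broker.execute(sid2, "update_firmware"))
    return out, len(broker.audit)
```

In a real deployment the clock would be the system time, the policy would come from the credential management solution, and the audit list would be shipped to a central log store rather than kept in memory.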

Conclusion:

OT security must take a strategic and adaptable approach to combat evolving threats effectively. While incorporating OT security assessments into existing cybersecurity frameworks is a positive step, many organizations find it difficult to conduct them regularly.

A technology-driven approach is the most efficient and advantageous solution, with numerous undeniable benefits.

Adopting a technology-enabled approach to OT security assessments shifts organizations from a reactive to a proactive security posture. With this transformation, they not only remediate but also anticipate risks. Then they are ready for any threats and prepared to fight risks, better than before.


Source: https://www.dragos.com/blog/industry-news/2023-ot-cybersecurity-year-in-review-now-available/