Are you prepared for more OT threats?


By Rick Peters, CISO Operational Technology, Fortinet

Operational Technology (OT) systems have been used to manage everything from factories to transportation networks to utilities for years. Most citizens, however, do not consider these mechanisms until there is a problem. That’s why the attack on Colonial Pipeline in May 2021 came as such a shock. The attack on a segment of the enterprise went beyond IT, causing a brief but significant disruption in OT-based fuel supplies, prompting the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to issue an advisory urging critical infrastructure (CI) asset owners and operators to maintain a high level of awareness.

Unfortunately, this isn’t the first or last time an aggressive hack on a critical infrastructure target has made news. Given the chances for mission effect, societal anxiety, and profit that disrupting systems and stealing intellectual property from OT and IT systems bring, malicious cyberattacks are likely to rise. If there’s a silver lining to this high-profile attack, it’s that it’s refocused attention on securing critical operational technology assets.

OT cyber incidents have also illustrated the consequences of failing to invest in, and commit proportionally to, a cybersecurity strategy. For years, owners of OT systems have depended on the “air gap” that separates them from IT to keep them secure. However, as more OT businesses digitally connect OT infrastructure, such as supervisory control and data acquisition (SCADA) systems, to IT networks, the resulting evaporation of the air gap has substantially elevated the level of risk. Given this situation, it’s no surprise that 9 out of 10 OT organizations were surveyed in the “2021 State of Operational Technology and Cybersecurity Report.”

OT firms must commit to a proactive cybersecurity approach to secure cyber-physical assets, with a focus on visibility, control, and behavior analysis. To keep OT safe, it’s vital to secure every point of contact with the outside world.

OT Is No Longer a Niche Exploit

SCADA or industrial control systems (ICS) exploits were once thought to be a rare subgroup of highly orchestrated, typically nation-state-sponsored targeted attacks. However, the OT market is predicted to rise at a CAGR of 6.40 percent through 2027. Using anonymity as a defense technique no longer works; it’s basically an invitation for cybercriminals to break into and compromise OT systems. Although IT-related flaws are still more common, a growing number of exploits are targeting OT, according to FortiGuard Labs’ Global Threat Landscape Report. The long-held belief that ICS exploits are a small part of the cyber security landscape is no longer valid.

Why Now?

OT attacks used to be the domain of expert threat actors who knew how to take advantage of ICS and SCADA systems. However, many of those tools are now being bundled as attack kits on the dark web, making them accessible to a much broader range of attackers with less technical skill. The assaults are carried out for a variety of reasons, including extortion, stealing intellectual property, and simply testing infrastructure resilience. The attacks have a side effect in that they create an atmosphere of uncertainty, which can compel government and commercial executives to take action. The media attention that a successful attack on OT infrastructure generates only amplifies these impacts. Large-scale attacks on energy and manufacturing companies, as well as smaller, more discrete breaches of municipal utilities, all deserve attention. The alarming cybersecurity news of 2021 underscores that OT infrastructures require close attention to the attack vectors, tactics, and techniques that target industrial environments.

The Need for Better Visibility

The rising requirement for integration between enterprise solutions and operational infrastructure is demonstrated by the rapid expansion of the threat landscape and the increase in attacks. Security issues must, in most circumstances, extend beyond on-premise systems to include Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices. It’s also critical to have a strategy in place to limit and contain suspicious activity and behaviour in the infrastructure. Organizations should adopt zero-trust network access (ZTNA) at the very least, which restricts user or device access to only the resources needed to perform a specified role or function. The range and amount of involvement are also strictly limited by ZTNA, which serves to minimise activity if a system is compromised.

Organizations in the OT sector that implement comprehensive security measures gain an advantage over threat actors and can reduce the effect of a compromise. Obscurity no longer benefits OT infrastructure, and the advent of near-universal convergence of IT and OT networks means that historically separated environments are no longer safe. To harden OT environments, organizations must take proactive measures, such as integrating technologies and procedures that guard against, detect, and respond to threats in real time. Attacks are unavoidable, but they do not need to be successful.
