The rise of OT security risks and what enterprises can do

While OT systems are increasingly being connected, most of them run proprietary or aging software that prevents them from being updated. Awareness of security is also relatively low, and security patches are not applied consistently.
Murtaza Bhatia
  • Published On Feb 28, 2024 at 09:24 AM IST
Murtaza Bhatia, Director, Cybersecurity, NTT Ltd, India

We live in a connected world, where every machine or entity is intelligent. Thanks to Industry 4.0 technologies, legacy industrial systems that were previously isolated are now being connected to the external world. These industrial systems are monitored or controlled using Operational Technology (OT). These solutions aim to increase automation, add “smart” devices, make data more efficient and available, and interconnect networks for convenience.

Today, with the convergence of IT and OT systems in an increasingly networked world, the threats that were present in the IT environment are percolating into the OT ecosystem too. Previously, these systems were largely proprietary and isolated, and operations managers worked on-site. There was no need to connect them to the corporate network or the Internet, and management of the systems rarely fell under IT control. Today, however, these systems are increasingly being connected to the Internet in an attempt to streamline business, improve communication across the supply chain, and find new intelligence using technologies such as the cloud and IoT.

As part of this interconnection, and in order to make OT components more accessible while collecting and analyzing data about them, IT and OT networks themselves are becoming interconnected. This movement is referred to as IT-OT convergence. It creates huge risks, because OT systems do not have the same security ecosystem as IT. For example, connected ICS and SCADA systems are today far more exposed to external attacks than ever before.

While OT systems are increasingly being connected, most of them run proprietary or aging software that prevents them from being updated. Awareness of security is also relatively low, and security patches are not applied consistently. Additionally, as most OT networks were built several years ago, there is a lack of understanding of how to update or patch legacy systems, which are now being connected to external networks. As IT and OT systems converge, the risk increases.

Due to IT-OT convergence, threats that originate in the IT environment are extending into the OT domain. For example, malware originally built to target IT networks is finding great success on OT systems, as most of them contain devices running unpatched software. This can be seen in the rise of specific but very effective OT attacks against SCADA- and ICS-based systems.

Best practices to protect against OT-based attacks

Based on our experience, we recommend the following key steps for improving OT security:

  • Conduct an annual risk assessment exercise to understand your current risk exposure, and maintain the board’s engagement with cyber-risk. Engage a specialist partner with a track record of conducting similar OT risk assessments, and work with your suppliers on possible attack vectors via the management plane: aim to restrict that surface via RBAC and two-factor authentication (fingerprint, voice, facial recognition, etc.), and where possible feed the logs of the remote management/maintenance supplier into your SIEM. Understand what is on your network and what protocols traverse it.
  • Secure configuration – keep hardware and software protection up to date. Work with suppliers to ensure proprietary systems are maintained. Build an asset or inventory register, paying particular attention to end-of-life/unsupported systems.
  • Segment OT networks, and monitor communication between IT and OT in both directions.
  • Establish a monitoring and detection system – continuously monitor all log data generated by your OT systems in order to baseline ‘normal’ activity. This enables real-time detection of attacks that go against this definition of normal behavior.
  • Educate and train your employees – ensure they really know your policies and incident response processes. Systems are still more at risk due to unintentional consequences from various insiders than from malicious outsiders. Take time to educate your system engineers on key security controls, as most engineers have little or no background in security.
  • Check passwords on connected devices – many connected devices are using weak or factory-set passwords that leave the front door wide open.
  • Incident response – establish, produce, and routinely test incident management plans to ensure that there is business continuity and to prevent a cascading effect.
  • Secure the network – manage the network perimeter and filter out unauthorized access.
  • Malware protection – establish anti-malware defenses and continuously scan for malware.
  • Patching schedules – ensure that SCADA systems are kept up to date according to a patching schedule and are not using default passwords.
  • Restrict logical and physical access to the Industrial Control Systems (ICS) network and its network activity.
  • Restrict unauthorized modification of data.
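The segmentation and monitoring steps above (baselining ‘normal’ OT activity, then watching IT-to-OT and OT-to-IT traffic for deviations) can be put into practice with a simple baseline-and-deviation check. The following is an added example, not code from the article or from NTT; the zone address ranges, flow records and protocol labels are all constructed for illustration.

```python
"""Baseline-and-deviation detection over constructed OT flow records.

Learns which (src, dst, port, protocol) conversations occur during a
learning window, then flags any flow outside that baseline, ranking
flows that cross the IT/OT boundary as high severity.
"""
import ipaddress
from collections import Counter

# Assumed zone layout (constructed for this example).
OT_ZONE = ipaddress.ip_network("10.20.0.0/16")
IT_ZONE = ipaddress.ip_network("10.10.0.0/16")

# Constructed flow records from the learning window: (src_ip, dst_ip, dst_port, proto).
BASELINE_FLOWS = [
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),    # HMI -> PLC
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),
    ("10.20.1.11", "10.20.1.51", 502, "modbus"),
    ("10.20.2.5", "10.20.1.50", 44818, "enip"),     # historian -> PLC
    ("10.10.5.20", "10.20.2.5", 443, "https"),      # IT dashboard -> historian (approved)
]
# Constructed flows observed after the baseline was established.
NEW_FLOWS = [
    ("10.20.1.10", "10.20.1.50", 502, "modbus"),    # already in baseline: normal
    ("10.10.7.33", "10.20.1.50", 502, "modbus"),    # IT workstation talking Modbus to a PLC
    ("10.20.1.50", "10.10.9.1", 22, "ssh"),         # PLC opening SSH into the IT zone
]

def zone(ip: str) -> str:
    """Classify an address as OT, IT or external (EXT) by the assumed ranges."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_ZONE:
        return "OT"
    if addr in IT_ZONE:
        return "IT"
    return "EXT"

def build_baseline(flows):
    """Count each distinct conversation seen during the learning window."""
    return Counter(flows)

def detect(flows, baseline):
    """Return an alert for every flow absent from the baseline.

    Boundary crossings (IT<->OT, or anything external reaching OT) are
    ranked high; unseen flows that stay inside one zone are medium.
    """
    alerts = []
    for flow in flows:
        if flow in baseline:
            continue
        crossing = f"{zone(flow[0])}->{zone(flow[1])}"
        high = crossing in ("IT->OT", "OT->IT", "EXT->OT")
        alerts.append({"flow": flow, "crossing": crossing,
                       "severity": "high" if high else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

In production the baseline would be learned from the OT logs fed to the SIEM rather than from an inline list, and the learning window must itself be reviewed so that an attacker already present is not baselined as ‘normal’.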
In an era where it is extremely common to find exposed ports of industrial machines using search engines such as Shodan, it is imperative that enterprises pay the same level of attention to OT security as they do to IT security. This is critical because many of these industrial systems have web-based interfaces that can control critical infrastructure. When a breach does occur, prompt incident response is essential, yet many organizations do not have the required skills or adequate resources ready to leap into action. In such cases, it may be worth considering a monitoring and incident response partner that can provide the right resources to help the enterprise return to business as usual as quickly as possible. Managed service providers are well equipped to address these issues: they can help organizations understand their risk exposure, prepare an incident response plan and continuously monitor risk.

With OT systems increasingly coming under attack, it is imperative for organizations to take steps to improve their security posture, as even a few hours of downtime can not only lead to huge financial losses, but also erode trust.

The author is Murtaza Bhatia, Director, Cybersecurity, NTT Ltd, India

Disclaimer: The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.