The Convergence of IT and OT – Navigating The Cybersecurity Landscape
Earlier this week my colleague – Jim Houston, Client Strategy Director – passed me this article regarding the experiences of Clorox and why Cyber Security needs to be taken seriously and the ‘fallout’ that can happen when a breach occurs.
7 Key Takeaways
Having read the article, the 7 Key Takeaways (why 7?) as far as I was concerned were:
1. Be vigilant of outdated computers running unsupported operating systems, which are vulnerable to intrusion.
2. Based on 1. above, replace outdated computers FAST to avoid unnecessary exposure to cyber attacks.
3. Follow cyber auditors' recommendations to mitigate risk and fallout from an attack. You pay them for their advice, and therefore it makes sense to follow it.
4. Cyber security is a core facet of the modern business and needs to be taken seriously and treated with urgency.
5. Cyber attacks can cost a fortune in terms of lost time and sales.
6. In many businesses IT (Information Technology) Systems and OT (Operational Technology) Systems are tightly aligned, and therefore the attack vector is more substantial than ever.
7. The CISO (Chief Information Security Officer) is a critical and dedicated role which needs laser focus and should not be treated as a shared/bolt-on activity.
In respect of point 6, I wanted to explore this area further with our readers, since Fusion IT has a number of clients in the Manufacturing and Logistics sector who operate OT and for whom we provide vital cyber security defences.
Navigating the Cybersecurity Terrain Amidst the fusion (forgive the pun) of IT and OT
The convergence of Information Technology (IT) and Operational Technology (OT) has become a pivotal point of discussion. IT is traditionally associated with data management and communications, whereas OT relates to the control and operation of physical devices and processes. This integration has led to significant advancements in efficiency, productivity, and innovation. However, it also presents unique cybersecurity challenges that must be addressed to protect critical infrastructure.
Understanding the Interrelationship
The interrelationship between IT and OT is driven by the need for real-time data analysis and enhanced operational visibility. IT systems facilitate the collection and analysis of data, which can be used to optimise OT processes. Conversely, OT systems provide the IT infrastructure with data that can improve business decisions and strategic planning. This symbiotic relationship has given rise to the Industrial Internet of Things (IIoT), where devices are interconnected and communicate seamlessly.
Cybersecurity Implications
With the merging of IT and OT systems, the attack surface for potential cyber threats expands. OT systems, which were once isolated and deemed secure due to their physical inaccessibility, are now exposed to the same vulnerabilities as IT systems. The stakes are high, as OT systems often control critical infrastructure, such as power grids, water treatment facilities, and manufacturing plants. A breach in cybersecurity can lead to catastrophic outcomes, including service disruption, financial loss, and threats to human safety.
Operational Technology (OT) systems can be vulnerable to various types of cyber attacks. Here are some of the sectors and systems affected:
- Manufacturing systems: Nearly 60% of cyber incidents targeted manufacturing OT sectors in 2022.
- Energy systems: Energy sectors experienced 17% of the cyber attacks among OT industries.
- Water utilities: Water utility systems were subject to around 1% of the global attacks.
- Industrial Control Systems (ICS): Common risks include malware attacks, supply chain vulnerabilities, and human error.
- Enterprise networks connected to OT networks: Ransomware and remote access Trojans are prevalent threats causing operational outages.
Protective Measures for OT
To safeguard OT, organisations must implement robust cybersecurity measures. These include:
Risk Assessment
Conducting a comprehensive risk assessment is the first step in securing legacy OT systems. This process involves identifying, evaluating, and prioritising risks to understand the potential vulnerabilities and threats that could impact the systems.
Segmentation
Dividing the network into smaller, more secure segments can limit the spread of cyberattacks. By isolating legacy systems from other parts of the network, organisations can reduce the risk of a widespread breach.
Access Control
Implementing strict access control measures ensures that only authorised personnel have access to critical systems. This includes using strong authentication methods and monitoring user activities to prevent unauthorised access.
Regular Updates and Patch Management
While legacy systems may not always support the latest updates, it is important to apply all available patches and updates to address known vulnerabilities. When updates are not possible, additional security measures should be put in place to protect the systems.
Physical Security
Enhancing physical security measures can prevent unauthorised physical access to legacy OT systems. This includes securing the locations where these systems are housed and monitoring for any unauthorised entry.
Employee Training
Operators and technicians should receive regular training on cybersecurity best practices. Educating staff about the potential risks and how to recognise and respond to cyber threats is crucial for maintaining security.
Monitoring and Detection
Implementing continuous monitoring and anomaly detection systems can help identify suspicious activities early. This allows organisations to respond to potential threats before they cause significant damage.
Incident Response Planning
Developing a robust incident response plan enables organisations to respond quickly and effectively to security incidents. This plan should include procedures for containment, eradication, and recovery from cyberattacks.
Legacy System Isolation
If possible, legacy systems should be isolated from the internet and other networks that could expose them to cyber threats. This reduces the attack surface and helps protect against external attacks.
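The Segmentation and Legacy System Isolation points above come down to one rule: every flow between zones is denied unless it is explicitly allowed, and the legacy segment has no path to the enterprise LAN or the internet at all. The following is an added example (not code from the original article or from Fusion IT) of such a default-deny zone policy, with an audit over constructed flow records; the zone names, address ranges, ports and sample flows are all assumptions chosen for illustration.

```python
"""Constructed example: a default-deny, zone-based flow policy for a
segmented IT/OT network, plus an audit over constructed flow records.
Not from the original article; zones, addresses and rules are assumptions."""
from ipaddress import ip_address, ip_network

# Assumed zones (constructed). The enterprise LAN never reaches OT directly,
# only via the DMZ jump host; the legacy controller segment is only ever
# polled from inside OT and has no route to the enterprise or the internet.
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "dmz":        ip_network("172.16.1.0/24"),
    "ot_control": ip_network("192.168.50.0/24"),
    "legacy_ot":  ip_network("192.168.60.0/24"),
    # "internet" is the catch-all for anything not in an internal zone
}

# Allowlist of (source zone, destination zone, destination port).
# Anything not listed is denied; that default deny is the point of segmentation.
ALLOWED = {
    ("enterprise", "dmz", 443),       # users reach the jump host over HTTPS
    ("dmz", "ot_control", 22),        # jump host administers controllers over SSH
    ("ot_control", "dmz", 8443),      # historian pushes data out to the DMZ collector
    ("ot_control", "legacy_ot", 502), # OT SCADA polls legacy PLCs over Modbus/TCP
}


def zone_of(ip):
    """Map an address to its zone; 'internet' if no internal zone matches."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def is_allowed(src_ip, dst_ip, dport):
    """Default deny: only explicitly listed zone pairs and ports pass."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # intra-zone traffic is left to host-level controls here
    return (src, dst, dport) in ALLOWED


def audit(flows):
    """Return the flows that violate the policy (e.g. from a firewall log export)."""
    return [f for f in flows if not is_allowed(*f)]


# Constructed flow records: (src_ip, dst_ip, dport). Not real traffic.
SAMPLE_FLOWS = [
    ("10.10.4.15", "172.16.1.10", 443),    # user -> jump host: allowed
    ("172.16.1.10", "192.168.50.5", 22),   # jump host -> controller: allowed
    ("10.10.4.15", "192.168.50.5", 22),    # enterprise straight into OT: violation
    ("192.168.60.7", "203.0.113.9", 443),  # legacy PLC calling out to the internet: violation
    ("203.0.113.9", "192.168.50.5", 502),  # internet -> Modbus on a controller: violation
    ("192.168.50.5", "192.168.60.7", 502), # OT SCADA -> legacy PLC Modbus: allowed
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("policy violation:", flow)
```

Running the audit over a real firewall log export is a cheap way to check that the segmentation you think you have is the segmentation you actually have: any flow that appears in the violation list is either a misconfigured rule or a host that has found a way around the segment boundary. Intra-zone traffic is deliberately passed through unchecked here so the policy stays readable; a production policy would tighten that further.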
Vendor Support
Engaging with vendors who specialise in legacy systems can provide additional support and expertise. Vendors may offer customised solutions or workarounds to enhance the security of these systems.
By adopting these strategies, organisations can significantly improve the security posture of their legacy OT systems, thereby protecting their critical infrastructure from cyber threats. It is important to recognise that securing legacy systems is an ongoing process that requires regular review and adaptation to the evolving cybersecurity landscape.
Common Cyber Threats to OT
As we have established, Operational Technology (OT) systems are crucial for managing industrial operations and are increasingly interconnected with Information Technology (IT) systems.
This convergence has led to a rise in cyber threats that target OT environments, but what specifically do these cyber threats look like?
Ransomware
This type of malware encrypts an organisation’s data and demands payment for the decryption key. Ransomware can severely disrupt OT operations by locking access to critical systems.
Legacy System Vulnerabilities
Many OT systems use outdated software or hardware that may not receive regular updates, making them susceptible to exploitation by attackers.
Remote Access Trojans (RATs)
These malicious programs allow attackers to remotely control an infected system. RATs can be used to manipulate OT systems, potentially leading to physical consequences like shutdowns or equipment damage.
A few years ago I came across a couple of businesses affected by a RAT attack. The first business experienced an attack on their refrigeration sensors, causing the spoilage of tonnes of cream cheese. The other business operated furnaces where the temperature needed to be monitored closely to ensure site safety. In the latter case, the attack failed, but the results could have been catastrophic.
Richard Payne – Support Business Development Manager
Phishing
Attackers use deceptive emails or messages to trick individuals into revealing sensitive information or installing malware. Phishing can lead to unauthorised access to OT networks.
Insider Threats
Employees or contractors with legitimate access to OT systems can intentionally or unintentionally cause harm, either by leaking sensitive information or by directly sabotaging systems.
Third-Party Connections
Many OT systems are connected to third-party services for maintenance or data analysis. These connections can be less secure and provide a pathway for attackers to gain access to OT systems.
Brute Force Attacks
Attackers use automated tools to guess passwords and gain unauthorised access to systems. OT systems, particularly those with weak authentication practices, are vulnerable to such attacks.
Vulnerability Scanning and Exploitation
Attackers scan networks to identify and exploit known vulnerabilities. OT networks that are connected to IT systems are at risk of being discovered and targeted through such scans.
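The Monitoring and Detection measure described earlier is what catches the last two threats above: a brute-force attempt shows up as a burst of failed logins from one source, and a vulnerability scan shows up as one source touching many destination ports in a short time. The following is an added example (not code from the original article or from Fusion IT) of sliding-window detection logic for both patterns, run over constructed syslog-style lines; the log format, the thresholds, the addresses and the sample lines are all assumptions chosen for illustration.

```python
"""Constructed example: sliding-window detection of brute-force logins and
port sweeps against OT hosts from syslog-style lines. Not from the original
article; the log format, thresholds and sample lines are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log format (constructed for this example):
#   <ISO timestamp> <event> src=<ip> dst=<ip> [dport=<n>] [user=<name>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: dport=(?P<dport>\d+))?(?: user=(?P<user>\S+))?$"
)

FAIL_THRESHOLD = 5    # failed logins from one source within the window
SWEEP_THRESHOLD = 10  # distinct destination ports from one source within the window
WINDOW_SECONDS = 60


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d


def detect(lines):
    """Return a list of (kind, src, window_start) alerts, at most one per source per kind."""
    fails = defaultdict(deque)  # src -> timestamps of recent auth failures
    ports = defaultdict(deque)  # src -> (ts, dport) of recent connection attempts
    alerted = set()
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable line: skipped, not treated as evidence
        ts, src = ev["ts"], ev["src"]
        if ev["event"] == "AUTH_FAIL":
            q = fails[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()  # drop failures older than the window
            if len(q) >= FAIL_THRESHOLD and ("brute_force", src) not in alerted:
                alerted.add(("brute_force", src))
                alerts.append(("brute_force", src, q[0]))
        elif ev["event"] == "CONN" and ev["dport"] is not None:
            q = ports[src]
            q.append((ts, ev["dport"]))
            while (ts - q[0][0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()
            distinct = {p for _, p in q}
            if len(distinct) >= SWEEP_THRESHOLD and ("port_sweep", src) not in alerted:
                alerted.add(("port_sweep", src))
                alerts.append(("port_sweep", src, q[0][0]))
    return alerts


def sample_log():
    """Constructed sample lines (not real data) covering both patterns and a benign case."""
    base = "2024-05-01T08:00:"
    lines = []
    # Six failed logins in 25 seconds against an HMI: brute force.
    for i in range(6):
        lines.append(f"{base}{i * 5:02d} AUTH_FAIL src=10.10.5.23 dst=192.168.50.10 user=operator")
    # Twelve connections to different ports in 12 seconds, including common ICS ports: sweep.
    for i, port in enumerate([21, 22, 23, 80, 102, 443, 502, 1883, 4840, 20000, 44818, 47808]):
        lines.append(f"{base}{30 + i:02d} CONN src=10.10.5.99 dst=192.168.50.20 dport={port}")
    # Benign: an engineer mistypes a password once, then logs in.
    lines.append(f"{base}40 AUTH_FAIL src=10.10.7.4 dst=192.168.50.10 user=jsmith")
    lines.append(f"{base}50 AUTH_OK src=10.10.7.4 dst=192.168.50.10 user=jsmith")
    return lines


if __name__ == "__main__":
    for kind, src, start in detect(sample_log()):
        print(f"{kind}: {src} (window starting {start.isoformat()})")
```

The thresholds are the tuning knobs: on a quiet OT network where operators log in a handful of times per shift, five failures in a minute from one address is already far outside normal, and a source that touches ten different ports in a minute is almost never a legitimate client. Keeping one alert per source per kind stops a single noisy host from flooding the SOC with duplicates while the same window is still open.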
To protect against these threats, it is essential for organisations to implement comprehensive cybersecurity measures tailored to the unique needs of OT environments. This includes regular security assessments, network segmentation, access controls, continuous monitoring, and incident response planning. By understanding the common threats and taking proactive steps to mitigate them, organisations can better secure their OT systems against cyberattacks.
As a Sophos Gold Partner, what can Fusion offer to guard against OT cyber threats?
Sophos provides a comprehensive suite of cybersecurity solutions to protect Operational Technology (OT) from cyber threats. Their approach includes Cybersecurity-as-a-Service, which offers 24/7 monitoring and response to cyberattacks targeting industrial control systems and networks. Sophos’ Managed Detection and Response (MDR) service is a key component, delivering expert-driven defence against sophisticated cyberattacks. Additionally, Sophos emphasises the importance of a zero-trust approach, with their Zero Trust Network Access (ZTNA) solution continuously validating user identity and device health before granting access to critical infrastructure. Sophos also offers advanced threat prevention technologies like Sophos Intercept X, which combines deep learning AI, anti-ransomware capabilities, and exploit prevention to safeguard endpoints. For network perimeter security, Sophos Firewall integrates modern threat protection technologies to contain threats and prevent data exfiltration. These solutions are designed to work together to provide a multi-layered defence against a wide range of cyber threats targeting OT environments.
Summary
The integration of IT and OT has opened new frontiers for industrial operations, but it has also introduced complex cybersecurity challenges. Organisations must recognise the importance of cybersecurity measures to protect OT and, by extension, the critical infrastructure that sustains our society. By proactively addressing these challenges, we can secure the benefits of IT-OT convergence while mitigating the risks associated with this digital transformation.
Thanks
Richard