OT Is Low-Hanging Fruit for Cybercriminals: What to Do about It
Cybersecurity continues to be a significant issue for operational technology leaders. While the majority of organizations have been implementing IT security measures for years, OT security is a different matter. As the Industrial Internet of Things (IIoT) has grown and IT/OT convergence has followed, manufacturers have lost the “air gap” that protected their OT systems from malicious actors.
New research from Fortinet underlines the need for cybersecurity to be an integral part of the daily work of OT leaders and their teams. Seventy-one percent of OT pros who responded to an April 2020 survey (sample size was under 100 respondents) say they’re regularly involved in IT cybersecurity strategy, a huge jump from 15% last year. However, many cybersecurity solutions are impeding success and creating greater complexity for at least 50% of OT professionals. In addition, there’s the division of priorities between OT and IT that has caused some miscommunication and ruffled some feathers.
Despite the improved focus on cybersecurity, cybercriminals are exploiting OT environments and seeking to disrupt operations and take advantage of heightened workforce stress. The business impacts and challenges have been amplified since the onset of COVID-19, so OT leaders need to keep up with recent industry changes and find ways to provide the best possible protection against cyber threats and vulnerabilities.
When Worlds Collide
With the air gap disappearing, cybercriminals have increasingly been targeting OT systems to disrupt operations, steal proprietary information or commit acts of cyber terrorism. This negative trend is in part driven by bad actors who naturally seek to gain from accessing the easiest and most economically viable targets. Far too often, existing malware works effectively against legacy systems deployed in OT networks that have probably not been updated or patched. The natural tendency of OT enterprise leaders is to favor continuous operations over disruptions driven by routine cyber hygiene. As a consequence, OT systems often represent low-hanging fruit for cybercriminals.
Cybersecurity is essential, but what OT leaders are struggling with is how to balance it with operational efficiency and flexibility. The Fortinet survey revealed that at least half of OT professionals feel that their security solutions are impeding their flexibility and introducing greater complexity. Security analysis, monitoring, and assessment tools were ranked as the top three barriers that increased complexity. However, it is vital for OT leaders to stop perceiving cybersecurity tools as impediments to their work and to start seeing them as enablers instead.
Disruption Brings New OT Threats
The Fortinet survey found that 9 out of 10 organizations experienced at least one OT system intrusion in the past year. In fact, the share of organizations experiencing three or more intrusions increased from 47% to 65% over that same period. These intrusions often impacted operational efficiency and revenue.
History demonstrates that periods of social and global disruption often coincide with an increase in cyber-attacks, and the current circumstances are no exception. Recent hacking campaigns rely on less-complex techniques because of the perception that there is significantly increased human error during periods of high stress. Add to that the implementation of business practices designed to extend the remote workplace, and the attack surface expands yet further.
The recent global increase in disruptive and malicious activity has simply reinforced the need for proactive cybersecurity practices that harden the OT environment, so that outmaneuvering the adversary is actually possible.
Best Practices for OT Security
The first step in hardening the environment is recognizing the range of vulnerabilities that exist due to the convergence of IT and OT infrastructure. The expanded threat landscape creates a significant range of opportunities for cyber attackers to penetrate and establish multi-point presence on OT targets.
Consequently, it is vital to implement best cyber practices that deliver security beyond just perimeter detection and protection, and focus on recognizing and analyzing any unknown and unusual behavior. That often starts with complete network visibility, combined with enforcing earned trust for all devices within the OT infrastructure. Strict identification of approved access and roles, and consistent enforcement of controls to limit movement within an environment, are equally important.
These are not stunning new cybersecurity protocols. Instead, they comprise many of the basic practices of security hygiene: being proactive about security, working toward centralized visibility and control, and tracking and reporting basic cybersecurity metrics. As OT systems depend less on air gaps and become integrated with IT systems and with the internet, OT leaders will need to reinforce internal security awareness and strengthen their systems with security protections based on an inventory of what is presently deployed and the remaining security gaps.
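As an added example (not code from the article or from Fortinet), the following Python script shows the kind of inventory-and-allowlist check the practices above imply: it compares flow records against an asset inventory and a zone-to-zone allowlist, flags unknown devices (inventory gaps) and cross-zone traffic with no approved path (movement that should be limited), and counts the results as basic metrics. The inventory, zones, ports and IP addresses are all constructed assumptions, not data from any real plant.

```python
# Added example (not from the article): check observed OT flows against an
# asset inventory and a zone-to-zone allowlist. Inventory, zones, ports and
# flow records below are all constructed sample data, not from a real plant.
from collections import Counter

# Constructed inventory: IP -> (hostname, zone), using a simple IT/DMZ/OT layering.
INVENTORY = {
    "10.1.0.5": ("eng-ws-01", "it"),
    "10.1.0.9": ("historian-proxy", "dmz"),
    "10.2.0.10": ("plc-line1", "ot"),
    "10.2.0.11": ("hmi-line1", "ot"),
}

# Approved paths as (source zone, destination zone, port); anything else is unapproved.
ALLOWED_PATHS = {
    ("it", "dmz", 443),   # engineering workstation -> historian proxy
    ("dmz", "ot", 502),   # proxy polls the PLC over Modbus/TCP
    ("ot", "ot", 502),    # HMI talks to the PLC inside the cell
}

def classify_flow(src, dst, port, inventory=INVENTORY, allowed=ALLOWED_PATHS):
    """Return a finding label for one flow, or None when the flow is approved."""
    if src not in inventory or dst not in inventory:
        return "unknown-device"      # a visibility / inventory gap
    if (inventory[src][1], inventory[dst][1], port) not in allowed:
        return "unapproved-path"     # movement across zones not on the allowlist
    return None

def review_flows(flows, inventory=INVENTORY, allowed=ALLOWED_PATHS):
    """Return (findings, metrics): flagged flows, and per-label counts incl. 'approved'."""
    findings, metrics = [], Counter()
    for src, dst, port in flows:
        label = classify_flow(src, dst, port, inventory, allowed)
        metrics[label or "approved"] += 1
        if label:
            findings.append((src, dst, port, label))
    return findings, metrics

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.1.0.5", "10.1.0.9", 443),     # approved: IT -> DMZ
    ("10.1.0.9", "10.2.0.10", 502),    # approved: DMZ -> PLC
    ("10.1.0.5", "10.2.0.10", 502),    # IT workstation reaching the PLC directly
    ("10.9.9.9", "10.2.0.11", 3389),   # source is not in the inventory
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS)[0]:
        print(*finding)
```

The metrics counter is the piece to keep over time: a rising count of unknown devices or unapproved paths is exactly the kind of basic hygiene metric the text says OT teams should track and report.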
Security Success within Reach
The 2020 survey statistics illuminate the struggle most organizations are experiencing as they try to secure their OT systems in the new era of OT/IT/IoT convergence. What’s more, cybercriminals never let a crisis go to waste and are leveraging the pandemic and current unrest as a smokescreen for their attacks. It’s never been more complex or more important to keep OT systems safe.
It turns out, though, that doing so does not require radical new measures. Instead, learn the lessons from IT security and enforce cyber hygiene best practices first and foremost. Then, take stock of what cybersecurity tools are already in place, how well they’re working and what gaps need to be filled. Doing so will enable proactive detection of an event that could threaten productivity. Adopting such a strategy can deliver the security services essential to sustaining safe and continuous operations.
Rick Peters is the chief information service officer for operational technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments.