By Lee Carter, Cyber Security Solutions for OT, SolutionsPT
Malware attacks in recent years have exposed the weaknesses of OT systems. What’s especially worrying is just how quickly and easily the infections spread across systems, devices, and borders without the right measures in place. Even if you weren’t specifically affected by the malware, the rise in cyberattacks targeted at OT environments should be a cause for concern.
Manufacturers may think they are already investing heavily in IT security, which will protect them from attacks like these. Unfortunately, if your IT and OT system teams aren’t aligned, there can be serious consequences.
The differences between IT and OT systems security
IT
Anyone who has experience as part of an information technology security team understands how relentless the work can be. It is their responsibility to identify new threats, determine a solution and then implement it before the network can be accessed maliciously.
Attackers find new exploits in operating systems to seize valuable information while the IT teams roll out patches and update malware signatures. This task is a whole lot easier with next-generation detection programmes such as Cylance or with deep packet network inspection tools.
These patches are managed and released regularly, often on an hourly, weekly, and monthly basis. It’s up to the IT team to have their ears to the ground so they’re aware of the vulnerabilities that may be exploited (while simultaneously providing end user training to reduce the risk of insider threat).
They share information with the wider IT security community, act upon threat intelligence feeds and do their best to implement fixes to the vulnerabilities that hackers uncover. A poorly designed IT network can make this task even more difficult because of the vast number of access points that hackers could exploit. The more the organisation’s network grows, the more entry points they must worry about alongside the other daily worries of remote access software, users connecting unknown devices and more.
There are a lot of moving parts for the IT team to think about – IT is dynamic whereas OT is deterministic – which is why a robust network and effective resources are essential.
OT
One of the key differences between the OT environments and IT systems is the number of gateways to deal with. Because OT systems are designed to act in a particular way, they are more rigid and predictable than their IT counterparts. This means there are fewer points of entry for cyberattacks or anyone with malicious intent. It’s a little easier to keep track of everything because operators can be more certain of where an attack might try to gain access.
It may be widespread practice for OT systems not to be updated because of a business decision. This might be because the maintenance window is too short, or downtime isn’t available, or the business wants to keep hold of a good configuration. Consideration is also needed before the introduction of IIoT to establish both exposure and risk appetite.
The systems that fall under the OT umbrella control critical infrastructure. They’re expected to always run perfectly – no delays or unplanned downtime, only limited maintenance windows. This means that in some instances, security measures aren’t introduced because it would mean halting production or could mean the loss of real-time data.
As a result, an increasing number of the HMIs that are currently in use operate outdated and unpatched software which may have limited security controls in place. Any one of them could introduce well-known vulnerabilities to your OT network. Crucially, the IT side of things isn’t aware that these legacy machines are part of the wider network. This is usually because the worlds of IT and OT operate independently: IT doesn’t often venture out onto the plant floor, or doesn’t have visibility of assets from the Security Operations Centre.
Why IT and OT convergence is important for security
It’s thought that around half of UK businesses have vulnerable OT cybersecurity systems. Meanwhile, OT threats are on the rise and are more common than ever before.
The rise of connected IoT devices has left many organisations with more devices to manage on their networks. It’s difficult to manage these growing environments and this makes a hacker’s life a whole lot easier.
To combat these threats and protect your business, it’s crucial that IT is kept in the loop with all things security, allowing them to effectively monitor and control all devices. Any OT device or system connected to networks that have a lower trust level needs to be effectively protected with measures as robust as those on the IT side.
Security should be a priority for all aspects of the business, with a higher focus on critical assets, network gateways and especially safety systems. Working within an established framework allows you to identify what good working practice looks like. If the IT team isn’t working within these frameworks, then the OT side shouldn’t follow suit. These frameworks are well established and regularly updated to match industry changes in thinking and approach.
Consider anything that OT has been issued with to improve productivity and reduce downtime. Are they secure? Are those operating the systems as aware as their IT counterparts about the IT risks that may affect OT systems?
Aligning IT and OT
For your business to be protected, it’s vital that everyone receives the training necessary to implement modern technologies while still ensuring they meet strict security criteria. Staff need to understand what they’re protecting and what their exposure is. Using security frameworks allows them to identify how to achieve a satisfactory level of cyber hygiene.
Today’s OT cybersecurity solutions rely heavily on IT infrastructure, increasing the overlap of skills needed for managing the two and further showing just how important it is that IT is involved, or that the skills gap is closed within OT.
Convergence is a crucial yet complicated process. To overcome common challenges you might encounter and gain some best practices to follow, download this free eBook from SolutionsPT.