By Anastasios Arampatzis
The frequency of cyberattacks on operational technology (OT) systems is increasing, causing significant impact on industrial operations. Organizations are under pressure to find solutions quickly. Industry 4.0 prompted the adoption of digital solutions that aim to increase automation, incorporate smart devices, improve data efficiency, and IT-OT convergence. IT/OT convergence offers many new opportunities but also introduces a vast array of cybersecurity threats.
It’s crucial to safeguard against these threats, especially to essential systems like BMS, UPS, and HVAC. Posing a greater risk than those in IT, OT attacks result in physical consequences such as shutdowns, outages, leakages, and even explosions. 35% of the 64 OT cyberattacks reported in 2021 resulted in physical damage, with estimated costs of $140 million per incident. Moreover, geopolitical tensions in 2022 led to an 87% increase in ransomware incidents. Notably, 72% of this increase was attributed to Europe and North America, highlighting the need for greater security measures to protect our infrastructure.
The challenges of industrial cybersecurity
Cybercriminals use ransomware and insecure supply chain connections to hijack OT devices and compromise business-critical data to disrupt production and operations. Industry faces several technical and operational challenges when protecting against attacks:
- Legacy or constrained systems with old, unpatched vulnerabilities and limited security controls
- Limited implementation of security controls on legacy OT devices due to constrained computing environments
- Third-party remote connections to OT devices for vendor maintenance
- Lack of centralized management and governance of OT cybersecurity operations due to conflicting ownership between OT and IT teams
- Conflicting priorities (i.e., IT confidentiality and integrity vs. OT reliability and availability) lead to indecision between sustaining productivity and securing devices
- Skills and talent shortage of cybersecurity and industrial automation expertise
- Operational and technical restrictions that limit the ability of OT teams to patch devices and implement time-sensitive solutions
Considering the challenges, the following four steps are worth considering and putting into action to enhance OT cybersecurity.
Track asset inventory and identify vulnerabilities
In a reliable OT security plan, it’s essential to have a thorough asset inventory. You must identify all the connected assets, their location, communication channels, support, and contract details. Just one vulnerable IoT device can jeopardize the entire network, so visibility of all components and risks is crucial. Utilizing AI, machine learning, and data analytics through vendor-agnostic software solutions can help to monitor, measure, and manage large OT/IT networks. With this technology, you can obtain valuable insight enabling detailed system planning and modeling.
Segregation of OT and IT networks
Network segmentation is highly recommended to safeguard critical OT systems. Simple segregation involves separating classified from unclassified networks. The classified network is ultra-secure and has high-trust resources safely handling sensitive data and critical assets. Any suspect or untrusted devices should be connected to the secondary unclassified network, isolated from essential resources ensuring security cannot be breached.
A zero-trust approach to OT cybersecurity is built on network segmentation, robust identity validation, and verification. This approach makes it difficult for attackers to breach the system, thus making the target unattractive. Even if the attacker bypasses the obstacles, network segmentation limits the impact and provides defenders time to contain and block the threat.
Protective and proactive security controls
Cyber attackers are particularly interested in exploiting vulnerable OT devices and the critical data they generate. Invest in device hardening and data loss prevention to proactively secure your OT infrastructure. This includes strict patching and firmware updates, securing communication protocols, and regular penetration testing. To ensure proper support, consult reputable manufacturers for patching and firmware support details.
Additionally, develop a support plan for the entire device lifecycle. Compared to IT devices, OT infrastructure has a longer lifespan, meaning companies can continue to use outdated hardware beyond the manufacturer’s support period. When faced with this decision, consider the risk of exploitation of unpatched and obsolete firmware against the cost of retiring physical infrastructure.
To protect sensitive data, invest in a data loss prevention (DLP) solution that detects and responds to real-time data exposure incidents. The ideal solution should combine traditional DLP with incident response capabilities to empower cybersecurity teams and minimize false positives.
Business continuity and disaster recovery
Being proactive is not a foolproof solution. It would be best to have a business continuity and disaster recovery plan to ensure operational resilience when needed.
Include a comprehensive impact assessment of possible breach scenarios, details on potential damages, how long-affected systems can stay offline before causing significant operational disruptions, and steps to mitigate risks. Regularly testing disaster recovery procedures is also advisable to ensure your systems are robust and familiar. As physical infrastructure assets are increasingly digitized and networked, prioritize the latest OT cybersecurity protection. Securing your physical infrastructure should be an ongoing effort to ensure that your networks remain secure now and in the future.
Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years’ worth of experience in managing IT projects and evaluating cybersecurity. During his service in the Armed Forces, he was assigned to various key positions in national, NATO and EU headquarters and has been honoured by numerous high-ranking officers for his expertise and professionalism. He was nominated as a certified NATO evaluator for information security. Anastasios’ interests include among others cybersecurity policy and governance, ICS and IoT security, encryption, and certificates management. He is also exploring the human side of cybersecurity – the psychology of security, public education, organizational training programs, and the effect of biases (cultural, heuristic and cognitive) in applying cybersecurity policies and integrating technology into learning. He is intrigued by new challenges, open-minded and flexible. Currently, he works as a cybersecurity content writer for Bora Design. Tassos is a member of the non-profit organization Homo Digitalis.