Council Post: IT And OT Convergence Need Holistic Cybersecurity Protection
David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.
Our digital future is dependent upon robust cybersecurity. Cybercrime continues to grow in sophistication, threatening to destabilize economies around the globe on many fronts. Threats from cyberattacks involving ransomware are escalating at an alarming rate. Attacks focused upon compromising a country’s critical infrastructure are an even more sinister and ominous form of cyber breach than holding corporate data for ransom. These types of destructive cyberattacks endanger industrial manufacturers, as well as oil and gas, transportation, water and waste management systems, food processing plants, electrical utilities and others.
The Expanding Risks In IT And OT Convergence
There are many security technologies available that offer digital infrastructure protection. When planning the execution of cybersecurity defense of mission-critical systems and data, security leaders must assume this single mindset: Their organization will eventually be breached. If they work within that concept, then they’ll employ everything possible, including the people, processes and technologies needed to mitigate risk.
The information technology (IT) domain covers computer information systems, including data transmission, storage and recovery. Operational technology (OT) controls and monitors industrial control systems (ICS) such as programmable logic controllers (PLC), distributed control systems and supervisory control and data acquisition (SCADA) systems. These are mission-critical systems that water, energy utilities and industrial manufacturing plants rely upon.
In the past, IT and OT domains have been completely separate organizational functions. However, with digital transformation initiatives, the two are converging. As the distinction between IT and OT diminishes, the attack surface of interconnected IT/OT systems increases.
For security purposes, ICS networks are air-gapped. An air-gapped network is disconnected from other networks to ensure physical isolation from unsecured networks, like the public internet. Air gaps between the ICS network and other networks can be effective barriers against cyberattacks. These isolated networks are not, however, protected from targeted attacks.
Protecting ICS requires broad protections, such as endpoint security, privileged access management and zero-trust networking. Digital transformation often exposes ICS data to more people in manufacturing, production and third-party suppliers. Risk management requires a holistic approach and a policy of not trusting anyone or anything that wants access to an organization’s network, systems and data. To accomplish this, IT, OT and security teams must identify the human, machine and software threats across their organization.
Beyond state-sponsored and syndicated hacker groups, employees and third-party service contractors can unwittingly enable attacks through authorized access to IT and OT systems. While digital transformation has become a bridge between information technology and operational technology, the risks caused by their convergence require a fully integrated cybersecurity program that addresses the priorities of both.
Targeting ICS Vulnerabilities
Cybersecurity requires a multi-functional approach with support for both legacy and modern systems. It must support endpoints, networks, applications, servers, storage and other infrastructure located on-premises and in the cloud. Security functions must evolve to outpace state-sponsored and organized hacker groups.
When pest control technicians want to get at unseen termites infesting a house, they don’t just target the termites they see on the surface. They implement a broader control campaign that tracks the termites as they move across various paths. As they touch each other and breed within the colony, the poison infects the entire colony. In a similar manner, sophisticated threat actors go after public and private sector industrial systems to infect networks, systems, and applications.
Bad actors target vulnerabilities within internet-exposed services to gain a foothold in IT and OT systems. They seed malware within a compromised system to eventually gain Windows domain admin privileges. Attackers can then access ICS computers that trust the IT Windows domain and propagate malware across those computers.
Because ICS computers are unable to route traffic to the internet, attackers deploy alternate schemes to infiltrate, using USB devices and external hard drives. Once in the ICS network, they can download control system configuration files and reprogram a single PLC. In doing so, they can cause it to create a malfunction on critical physical equipment while reporting to the plant HMI that the equipment is operating normally. The impact will eventually cause the equipment to prematurely wear out and force the plant to shut down for emergency repair due to an apparently random equipment failure.
Some endpoint security solutions will whitelist and blacklist devices, including USBs. They should also log computers that have USB activity and send real-time notifications to the admin. As we look forward, the convergence of IT, OT, ICS and IIoT will become increasingly integrated with cybersecurity platforms that leverage artificial intelligence (AI). As a result, industrial systems will see a reduction in many time-intensive manual tasks. By leveraging AI’s machine learning, real-time predictive security capabilities will give engineers a heads-up before security breaches impact operations and workers. As more data is collected, AI continually builds its intelligence over time to help security teams defend their mission-critical systems before operators even know an issue exists.
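The USB control described above (an allowlist of approved devices, a record of which hosts saw USB activity, and an alert for anything else) as an added illustration; this is example code, not RevBits' product or anything from the original article. The host names, vendor/product IDs and log lines are constructed, and the log format assumed is the Linux kernel's "New USB device found" message with a host prefix.

```python
import re
from dataclasses import dataclass

# Allowlist of approved USB devices keyed by (idVendor, idProduct).
# Constructed sample values, not a real site policy.
APPROVED_DEVICES = {
    ("0951", "1666"),  # hypothetical approved engineering USB stick
}

# Constructed sample log lines (host name + kernel USB enumeration message).
SAMPLE_LOG = """\
plc-eng-01 kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666
plc-eng-01 kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
hmi-02 kernel: usb 2-3: New USB device found, idVendor=0781, idProduct=5567
scada-srv kernel: usb 3-1: New USB device found, idVendor=0951, idProduct=1666
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+) kernel: usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})$"
)

@dataclass(frozen=True)
class UsbEvent:
    host: str
    port: str
    vid: str
    pid: str
    approved: bool

def parse_usb_events(log_text):
    """Extract one UsbEvent per device-enumeration line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # string/interface lines carry no new device identity
        key = (m["vid"], m["pid"])
        events.append(UsbEvent(m["host"], m["port"], *key, key in APPROVED_DEVICES))
    return events

def hosts_with_usb_activity(events):
    """Sorted list of hosts that enumerated any USB device (the audit log)."""
    return sorted({e.host for e in events})

def alerts_for(events):
    """One alert string per unapproved device, ready to push to the admin."""
    return [f"ALERT host={e.host} port={e.port} unapproved USB {e.vid}:{e.pid}"
            for e in events if not e.approved]

if __name__ == "__main__":
    evs = parse_usb_events(SAMPLE_LOG)
    print("USB activity on:", hosts_with_usb_activity(evs))
    print("\n".join(alerts_for(evs)))
```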
Threat actors continue their unabated nefarious activity against public and private sector critical infrastructure by exploiting OT assets, whether air-gapped or accessible through the internet. The bridging of IT and OT is accelerating due to improvements in operational performance. Yet the security risks to operations must be addressed so that those benefits are not undermined. According to Gartner, 75% of OT security solutions will be delivered by multifunction platforms interoperable with IT security solutions by 2025. As organizations better understand the risks in their connected systems and leverage multifunction security platforms, the gaps between IT and OT will diminish and operations will improve.
Originally published at https://www.forbes.com.