
Knowing the Convergence of IT and OT Security

by CISOCONNECT Bureau

Over the past decade, there has been a slow yet steady paradigm shift towards the convergence of IT and OT Security. Read on to know more about it…

In the past, Information Technology (IT) and Operational Technology (OT) were managed separately, in silos, in many organisations, with no interdependence between them. Over the last decade, however, a gradual but consistent paradigm change has occurred. The converging world of IT and OT comprises several components, including networks of sensors, instruments, and devices that collect and communicate data for use in a variety of industries such as manufacturing, oil and gas, transportation, and energy.

The Security Factor
Alongside its advantages, IT/OT convergence has made OT devices reachable from the IT network, so a compromise on the IT side can be extended to OT through lateral movement. As the distinction between IT and OT becomes increasingly blurred, the attack surface of the integrated IT and OT systems continues to grow. The internet is the most common route by which attackers gain access to these systems, and they are drawn to them because they know the massive impact such an attack would have, as well as the financial gain and publicity they would acquire.

With the introduction of the Industrial Internet of Things (IIoT), every Industrial Control System (ICS) based sensor, instrument, and device that can be reached over an IT/OT network is exposed to botnets that can be used to launch targeted attacks on Critical Infrastructure (CI) such as energy grids, power plants, water and waste management systems, food processing plants, and transportation networks.

Human-Machine Interfaces (HMIs) are commonly networked to various IT infrastructures to connect human operators to Industrial Control Systems. Because they are reachable from internet-facing business networks, HMIs are exposed to IP-based weaknesses such as authentication bypass, weak session management, insecure ICS communication protocols, and insufficient encryption of control traffic.

Malware built expressly to target critical infrastructure is commonly used by attackers to breach ICS systems. These intrusions frequently result in denial-of-service (DoS) conditions that paralyse or completely halt industrial operations. ICS and connected IIoT devices are also high-value targets for attackers seeking to damage rival nations, gain access to sensitive information, or extort money.

Aftereffects of Security Breaches
Security breaches of ICS have even more serious consequences than the conventional breaches we are usually most concerned about.

Consider the consequences of a cyberattack that knocks out an entire city’s or region’s power grid, or one that causes a nuclear power plant to explode by disabling safety systems designed to prevent a catastrophic accident, or one that causes sewage to flow into an urban area’s water distribution system.

OT Threat Detection & Incident Response
Cybersecurity experts have proposed many security solutions to allow real-time detection of such cyber-threats. The most common is the so-called "air gap" that separates IT and OT systems.

In reality, however, the Stuxnet malware attack demonstrated that the cyber-threat surface is not eliminated even when an "air gap" exists. One reason is that, to ensure error-free operation, software patches and upgrades must still be delivered to OT devices such as Programmable Logic Controllers (PLCs) and workstations.

Visibility is the first step in detecting cyber-threats in OT systems, yet utilities often have only a limited view of their OT system's architecture and services. To address this problem, a new market for OT Intrusion Detection Systems (IDS) was created. The market began with passive data collection: listening to network traffic and reconstructing the network architecture from it. When passive monitoring is combined with profiling techniques that learn the normal network behaviour, abnormal behaviour can be flagged without any interruption to the industrial process.

Even when all of the required security and detection techniques are in place, incident response and orchestration remain the key challenge. OT threat analysis must take into account the semantics of the industrial processes running on critical devices, in addition to suspicious activities such as unauthorised communication and anomalous behaviour. In the Stuxnet incident, nothing odd was observed at the Siemens PLC or network level, yet the motor frequency was outside its operational limits. The difficulty increases when we consider that an analyst must additionally determine whether the suspicious activity is due to operator error or a real cyber threat.
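The two ideas above, passive profiling of network traffic to learn a baseline and checking process values against their engineering limits so that a Stuxnet-style attack is caught even when the traffic looks normal, can be sketched in a few dozen lines. The following Python is an added illustration, not code from the article or from any OT IDS product; the flow records, process readings, addresses, asset roles and operational limits are all constructed for the example.

```python
"""Passive OT monitoring sketch (illustrative, not a product's code).

1. Learn a communication baseline from flows seen during a learning
   window (who talks to whom, on which port and protocol).
2. Flag later flows that are absent from the baseline: a new asset or
   an unexpected pairing of known assets. Nothing is blocked; this is
   detection only, so the industrial process is never interrupted.
3. Independently check process telemetry against engineering limits,
   because a manipulated process can look normal on the network.

All addresses, flows, readings and limits below are constructed.
"""
from collections import defaultdict

# Constructed flow records as a passive network tap would see them:
# (src_ip, dst_ip, dst_port, protocol). 502/tcp is Modbus/TCP and
# 102/tcp carries S7comm, two common ICS protocols.
LEARNING_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 502, "tcp"),  # HMI -> PLC-1 (Modbus)
    ("10.0.1.10", "10.0.2.21", 502, "tcp"),  # HMI -> PLC-2 (Modbus)
    ("10.0.1.11", "10.0.2.20", 102, "tcp"),  # engineering workstation -> PLC-1
    ("10.0.1.10", "10.0.2.20", 502, "tcp"),  # repeat of the first flow
    ("10.0.2.20", "10.0.1.12", 514, "udp"),  # PLC-1 -> historian (syslog)
]

# Assumed operational limits per process tag. A real deployment takes
# these from the plant's process engineering documentation.
LIMITS = {"motor_frequency_hz": (45.0, 55.0)}


def learn_baseline(flows):
    """Build the passive profile: the asset inventory and the set of
    observed (src, dst, port, proto) tuples with their counts."""
    assets = set()
    pairs = defaultdict(int)
    for src, dst, port, proto in flows:
        assets.add(src)
        assets.add(dst)
        pairs[(src, dst, port, proto)] += 1
    return {"assets": assets, "pairs": dict(pairs)}


def detect_network_anomalies(baseline, flows):
    """Return alerts for flows not present in the learned profile."""
    alerts = []
    for src, dst, port, proto in flows:
        key = (src, dst, port, proto)
        if key in baseline["pairs"]:
            continue  # seen during learning: considered normal
        if src not in baseline["assets"] or dst not in baseline["assets"]:
            alerts.append(("new-asset", key))
        else:
            alerts.append(("unauthorised-communication", key))
    return alerts


def detect_process_anomalies(readings, limits=LIMITS):
    """Flag process values outside their limits. Tags with no known
    limit are reported too, since they are a visibility gap."""
    alerts = []
    for tag, value in readings:
        if tag not in limits:
            alerts.append(("unknown-tag", tag, value))
            continue
        lo, hi = limits[tag]
        if not lo <= value <= hi:
            alerts.append(("process-out-of-limits", tag, value))
    return alerts


def analyse(baseline, flows, readings):
    """Combine both detectors; the analyst still has to decide whether an
    alert is operator error or a real attack."""
    return detect_network_anomalies(baseline, flows) + detect_process_anomalies(readings)


if __name__ == "__main__":
    base = learn_baseline(LEARNING_FLOWS)
    # Constructed detection-window data: one normal flow, one unknown host
    # talking S7comm to PLC-1, one historian-to-PLC pairing never seen
    # before, and a motor reading that is wildly out of range while the
    # Modbus traffic itself looks routine.
    flows = [
        ("10.0.1.10", "10.0.2.20", 502, "tcp"),
        ("10.0.1.13", "10.0.2.20", 102, "tcp"),
        ("10.0.1.12", "10.0.2.21", 502, "tcp"),
    ]
    readings = [("motor_frequency_hz", 50.0), ("motor_frequency_hz", 1200.0)]
    for alert in analyse(base, flows, readings):
        print(alert)
```

The network detector only ever reports; it never drops a packet, which is what makes passive monitoring acceptable on a running process. The process detector is deliberately independent of the network baseline: the second motor reading produces an alert even though the flow that delivered it is routine Modbus traffic from the HMI, which is the lesson the Stuxnet case teaches.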

Conclusion
Convergence of IT and OT is critical for industrial businesses to realise its various benefits and to enable their digital transformation journeys. It is crucial to prove the concept on the IT network first, where conditions are more forgiving, before deploying to the OT network, where uptime is critical.

An email system outage is inconvenient, but a breakdown in a manufacturing environment can result in wasted product, damaged equipment, loss of revenue, or worse. Manufacturing systems have unique security requirements that must be addressed in IT-OT convergence security policies.

Because the consequences of a security breach might be so devastating, safeguarding ICS should be a top priority for government agencies and organisations.
