Identifying what’s on your network and detecting if any issues arise is important, but isn’t it ideal to prevent an issue in the first place?
Shadow OT can leave anyone suddenly put in charge of cybersecurity for industrial control systems (ICS) feeling overwhelmed. While visibility is the logical first step to understanding what’s on your OT network and finding known vulnerabilities, prevention is what protects your expensive machines and keeps production from coming to a halt.
OT attacks are smarter, bolder, and more frequent
According to TXOne Network’s Cybersecurity Reports, the number of ICS-CERT advisories has grown exponentially over the past decade and nearly doubled just from 2020-2021. The most recent report indicates that 94% of IT security incidents in critical industries have also impacted the OT environment as IT and OT become more integrated.
This evolving threat landscape doesn’t leave much time for OT-enabled facilities to figure out an ICS defense strategy and put it into action. Experts are scarce and suddenly many IT security professionals are challenged with a very different security environment. That’s why OT/ICS networks need “defense-in-depth” protection more than ever. Not only to prevent intruders from entering the network and malware from spreading, but also to keep high-value assets running and performing as intended.
Attackers will find a way
In this new world, we’re seeing threat actors advancing their strategies to exploit vulnerabilities of OT environments. In one instance, state-sponsored actors intercepted the shipment of a brand-new OT asset and infected the device with malware. Innocently enough, the end user immediately brought this new device into production and compromised the OT network. By understanding the OT threat vectors, we as an industry can implement preventative measures to protect an incident from even occurring in the first place.
One of the most common attack vectors is what I call a “bleed-over attack.” This is when ransomware or other malware enters the IT network and then bleeds over to the OT network, stopping production. Another type is the “insider threat.” This could be an employee or a third-party vendor, innocently or not, that attaches an infected laptop or thumb drive to an OT device that infects the network.
What can go wrong
Putting ourselves in the shoes of industrial operators or plant managers, we must realize that downtime is never an option. While any organization faces challenges when its IT systems and data are locked down, the consequences for an OT attack can be detrimental.
Once an OT environment is accessed, programming can be changed, machines destroyed, or the behavior of technicians can be manipulated, putting production at risk, or most importantly, jeopardizing human safety.
Utilize OT-native cyber defenses
Traditionally, cybersecurity sees everything as a software problem that requires a software solution. But in the physical world of automated factories or infrastructure operations, it’s all about the machine. All the attack vectors described earlier need a multi-pronged defense strategy that goes beyond just visibility and gives you tools to both prevent and respond.
- Inspect everything. Sounds daunting, but with the right portable USB scanning devices, you can quickly ensure new OT assets or vendor devices are safe before entering your network. Make device security inspections a policy that’s easy and practical to implement. Provide portable scanning devices to vulnerable locations and security checkpoints.
- Protect the endpoints with AV for OT. IT solutions are not lightweight enough and can’t support legacy OS or unpatched devices. Nor can they prevent system latency that negatively impacts production. Protect ICS endpoints by deploying an AV software solution that is built for OT to address these challenges while detecting unexpected system changes, such as malware, unauthorized access, human error, or device reconfigurations, and preventing them before they impact the operation.
- Supplement your IT firewall with OT network defenses. In OT security, availability is everything. Deploy OT network defenses with a physical appliance that wouldn’t touch the device it’s protecting; it would simply sit on the network to detect and block any malicious activity from reaching production assets.
Taking a proactive approach
OT/ICS environments are target-rich for bad actors and increasingly vulnerable with Industry4.0 and digital transformation. You cannot protect your operation simply by watching. You’ll need a multi-layered, multi-pronged, defense-in-depth approach to be effective that accounts for both OT visibility and OT protection.
Learn more about TXOne’s OT defense-in-depth cybersecurity solutions at www.txone.com