The increasing frequency and sophistication of successful OT cyberattacks serve as a wake-up call to all asset operators, controls engineering teams, IT network operations, and cybersecurity teams, IT and OT alike. Feeble defense-in-depth from the edge to the data center, across the proliferating managed and unmanaged devices and assets in today’s manufacturing and utility networks, gives adversaries the upper hand for easily perpetrating attacks. Ensuring the safety of life, preventing environmental hazards, and minimizing interruptions to processes and operations are all considerations when securing against today’s cyber threats. To proactively secure mission-critical OT, organizations need to consider the following points as they plan their cybersecurity strategies for 2022 and beyond.
Several factors have contributed to the massive expansion of the global cyberattack surface. The move toward Industry 4.0, with its emphasis on process automation and real-time data gathering and exchange, plays an outsized role. Existing circumstances are ripe for a tsunami of attacks against ICS, OT, IIoT, and IoT systems that are no longer proprietary, isolated, or on air-gapped networks. With IT/OT convergence, interconnected control systems now commingle with IT business networks at the boundary, leading to additional security risks from cross-contamination of traffic between LAN, WAN, Internet, Wi-Fi, control networks, and CIP protocols.
The problem is that in most OT ecosystems cybersecurity hygiene is limited, and typical security measures, such as AV, EDR, SIEM, SOAR, and SSO solutions, including authentication, authorization, and auditing (AAA) services, are of little use. Asset owners need to establish effective tactics, techniques, and procedures (TTPs) that are purpose-built for OT. These efforts require a mindset shift in security principles based on OT priorities: availability, integrity, and confidentiality, rather than the opposite order.
Ransomware has been around for almost two decades, but it’s definitely not old news. The ease of ransomware services, combined with its profitability potential and the remote nature of work throughout the COVID-19 pandemic, has made ransomware a go-to weapon for attackers. Just consider that the U.S. Department of the Treasury reported that the $590 million in ransomware activity during the first six months of 2021 completely eclipsed the $416 million in activity for the entirety of 2020.[1]
The evidence in 2021 showed that criminal threat actors are using machine learning and relying on the coordinated sharing of exploits on the dark web to increase the sophistication of their phishing campaigns. The evolution of cryptocurrencies has made matters worse by allowing criminals to easily hide digital payouts with little risk of intervention from law enforcement.
Government regulations are rapidly advancing in response to organizational shifts toward more remote operations during the pandemic. This dynamic may create more challenges for OT operations. The government has provided clear guidance on secure design and risk assessments through the ISA/IEC 62443, NERC CIP, NIST 800-53, ISO 27001, TSA Pipeline, DHS CFATS, and ISA S99 series of standards. All these specifications point to the standardized NIST Cyber Security Framework (CSF), which many organizations have yet to adopt.
To counter cyber threats and address OT/IT convergence, critical infrastructure ICS asset owners should apply a comprehensive risk framework including standard concepts such as security by design, defense-in-depth, and Zero Trust.
The Armis platform has been purpose-built to protect both OT and IT environments, and can help you accelerate your organization’s adoption of Industry 4.0. Book a demo or visit Armis.com for more information.
[1] Financial Trend Analysis: Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021, U.S. Treasury Financial Crimes Enforcement Network, October 2021.