Mar 22, 2022

What’s in your environment? Overcome these OT/IT asset-discovery challenges to be sure


We’ve heard it before, but it’s worth repeating: The air gap between OT and IT is dissolving. In many industries, OT and IT have already converged, even if security practices within organizations don’t reflect that convergence yet. In others, the convergence of managed and unmanaged device systems is only a matter of time. This evolution is changing the way security and operations teams need to think about, communicate about, and manage security.

OT Systems Evolution

(Figure: Gartner 2021 Market Guide for Operational Technology Security)

Pre-convergence, many operational and ICS devices that controlled and monitored equipment, assets, and industrial processes were analog, or were digital assets on their own network with an air gap separating them from IT. Even now, a substantial number of OT and ICS devices run on legacy technology and are managed by teams focused on optimizing uptime and efficiency rather than on security.

As the air gap between OT and IT shrinks and disappears, however, securing these systems becomes critical, especially given the critical infrastructure and industrial assets they support.

OT/IT convergence creates new capabilities but also new cybersecurity risks

OT/ICS convergence with IT systems creates new cyber risks in two general ways. One risk is that attackers exploit vulnerabilities in OT/ICS/IoT devices to access or hijack them directly and then pivot to attack the IT network.

The other risk is the reverse: attackers gain access to a target IT network and then pivot to the OT network. These types of attacks can lead to significant real-world harm. Consider that the Colonial Pipeline ransomware attack in 2021 was so disruptive in part because of exactly this fear. Because the attackers infiltrated the IT network using VPN credentials, cybersecurity experts were concerned they might also have reached OT assets and gained control of the pipeline’s operations. For public safety, the pipeline was shut down while investigators assessed the extent of the intrusion.

The Colonial Pipeline breach stands out for the level of disruption it caused, but it’s not the only recent incident that shows the risks associated with OT/IT convergence. Attacks on a Florida water utility and a meat processor show the scope of the need for comprehensive device management.

Why do OT/IT security risks exist?

These risks have grown because security solutions and practices haven’t kept up with the rapid evolution and adoption of IT-connected OT and ICS devices. While dozens of security solutions can identify and manage assets, they are fragmented by device type, criteria, and integration capabilities, creating blind spots in organization-wide security. Complicating matters even more, traditional IT network scans (active port and vulnerability scans) can cause some OT devices to malfunction or go offline, a nonstarter in a space where maintaining uptime is a top priority.


In addition to fragmented and problematic solutions, we’ve seen a rapid proliferation of unmanaged, IoT, remote, and virtual devices. Armis calculates that 90% of devices in enterprise environments are now unmanageable with legacy IT security solutions—adding to the potential vulnerabilities that organizations can’t see.

OT/ICS security has unique requirements

Closing the security gaps between OT and IT starts with taking a complete inventory of every device in your environment. But you need more than a list of assets: you also need to know the manufacturer, OS, current software version, and other metadata for each device. Given the thousands of device models in the marketplace, access to an extensive Device Knowledgebase expedites accurate classification.

Once key device details are in hand, it’s time for a risk assessment. A comprehensive approach matters here because OT and ICS devices have different risk factors than IT devices, such as:

Potential remote compromise of unauthenticated management servers

For example, in the VxWorks OS, six of the critical URGENT/11 vulnerabilities can lead to remote code execution (RCE), enabling attackers to push malware past firewalls and into internal networks.

Infrequent or nonexistent OS updates from the manufacturer or publisher

In the case of URGENT/11, Armis collaborated with Wind River, the company that maintains VxWorks, to release an update with vulnerability patches. Unfortunately, not every device OS gets this kind of attention and resource, so many OT devices remain vulnerable through the end of their lifecycle.

Installation without security oversight

With ICS, IIoT, and OT devices, shadow installations across departments are all too common and fraught with risk to the organization because they lack proper oversight from IT. On the lighter side, an Illinois high school student recently Rickrolled every connected display device in his school district, using default passwords and privilege escalation vulnerabilities. But these same tactics can be used to cause serious damage to industrial operations, healthcare devices, and utilities. That’s why CISA has deemed the use of default passwords an “exceptionally risky” bad practice, and one that many non-IT people don’t even realize is a problem.

Need for continuous device risk assessment and activity monitoring

Ransomware and other attacks pose constant threats to operations, plant safety, and sometimes even public safety. That’s why scheduled scans won’t cut it. OT and ICS devices require real-time monitoring that doesn’t interfere with uptime. The ability to track traffic from devices to unusual destinations or networks is critical, as are timely alerts about unexpected device behavior.
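As an added illustration (this is example code written for this page, not Armis software or anything the post describes), the Python sketch below ties two of the points above together: it builds a lightweight inventory of ICS devices passively from observed traffic, with no active probing of the kind that can knock OT devices offline, and it then flags traffic that crosses the IT/OT boundary or leaves the OT network for an unexpected destination. The subnets, the protocol-port map, and the flow records are all constructed for the example.

```python
"""Passive OT inventory plus behavior monitoring over constructed flow records.

Example code only: the site layout, port map, and flows are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed site layout (hypothetical): which address ranges are OT and IT.
OT_NETS = [ip_network("10.20.0.0/16")]
IT_NETS = [ip_network("10.10.0.0/16")]

# Well-known industrial protocol ports, used to classify devices passively.
ICS_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP", 20000: "DNP3", 102: "S7comm"}


@dataclass(frozen=True)
class Flow:
    ts: int        # observation time (arbitrary units)
    src: str       # initiating host
    dst: str       # responding host
    dport: int     # destination port


# Constructed "learning window": traffic considered normal for this plant.
BASELINE = [
    Flow(1, "10.20.1.10", "10.20.1.50", 502),     # HMI polls PLC over Modbus
    Flow(2, "10.20.1.10", "10.20.1.51", 502),
    Flow(3, "10.20.1.20", "10.20.1.50", 44818),   # engineering workstation -> PLC
    Flow(4, "10.20.1.20", "10.20.1.51", 44818),
    Flow(5, "10.20.1.10", "10.20.1.100", 123),    # HMI syncs time with an OT NTP server
]

# Constructed "live" traffic to evaluate against the baseline.
LIVE = [
    Flow(100, "10.20.1.10", "10.20.1.50", 502),    # normal HMI poll
    Flow(101, "10.10.5.7", "10.20.1.50", 502),     # IT host reaching into OT on Modbus
    Flow(102, "10.20.1.50", "203.0.113.9", 443),   # PLC talking to an external address
    Flow(103, "10.20.1.20", "10.20.1.52", 44818),  # workstation touching a PLC never seen before
]


def zone(ip: str) -> str:
    """Classify an address as 'ot', 'it', or 'external' using the assumed layout."""
    addr = ip_address(ip)
    if any(addr in net for net in OT_NETS):
        return "ot"
    if any(addr in net for net in IT_NETS):
        return "it"
    return "external"


def passive_inventory(flows: list[Flow]) -> dict[str, set[str]]:
    """Infer which ICS protocols each host speaks from traffic alone (no probes sent).

    The responding side of an ICS protocol is treated as the field device; the
    initiating side is recorded as a client of that protocol.
    """
    inventory: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        proto = ICS_PORTS.get(f.dport)
        if proto:
            inventory[f.dst].add(proto)
            inventory[f.src].add(proto + " client")
    return dict(inventory)


def learn_baseline(flows: list[Flow]) -> dict[str, set[tuple[str, int]]]:
    """Record, per source host, every (destination, port) pair seen during learning."""
    baseline: dict[str, set[tuple[str, int]]] = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return dict(baseline)


def detect(flows: list[Flow], baseline: dict[str, set[tuple[str, int]]]) -> list[str]:
    """Return one alert string per suspicious flow, most specific rule first."""
    alerts: list[str] = []
    for f in flows:
        src_zone, dst_zone = zone(f.src), zone(f.dst)
        if src_zone == "it" and dst_zone == "ot" and f.dport in ICS_PORTS:
            alerts.append(f"{f.ts}: IT host {f.src} -> OT device {f.dst} "
                          f"on {ICS_PORTS[f.dport]} (cross-zone)")
        elif src_zone == "ot" and dst_zone == "external":
            alerts.append(f"{f.ts}: OT device {f.src} -> external {f.dst}:{f.dport} "
                          f"(unexpected destination)")
        elif (f.dst, f.dport) not in baseline.get(f.src, set()):
            alerts.append(f"{f.ts}: {f.src} -> {f.dst}:{f.dport} not in learned baseline")
    return alerts


if __name__ == "__main__":
    for host, protos in sorted(passive_inventory(BASELINE).items()):
        print(host, sorted(protos))
    for alert in detect(LIVE, learn_baseline(BASELINE)):
        print("ALERT", alert)
```

Two design choices are worth noting. The inventory is derived only from what the devices already send, so it never adds a packet to the control network; in practice the protocol map would come from a device knowledgebase rather than four hard-coded ports. The detection rules are ordered from the highest-confidence signal (an IT host speaking an ICS protocol into the OT zone) down to the generic baseline deviation, so that the same flow produces one clear alert rather than several overlapping ones.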

Effective OT and IT asset management requires one platform

Without complete visibility of all OT and IT devices, plant operations and security teams will have a difficult time collaborating to secure networks. They will also face big challenges keeping OT devices up to date and responding to threats or security incidents. But effective OT security is about more than device visibility; a good platform will integrate easily with existing IT asset management platforms to make it easier for IT to prioritize device risks and responses, ensure compliance, and move quickly when there’s an urgent threat.

That’s why Gartner’s 2021 Market Guide for Operational Technology Security recommends that organizations “accelerate IT/OT security stack convergence” by identifying the security solutions they already use and evaluating OT security options based on “interoperability with their IT security tools.”

Find the right ICS/OT asset discovery tools for your organization

Identify, assess, monitor, and secure every OT and ICS device in your environment, while maintaining uptime and managing all your device data from one integrated platform. Learn more about the Armis solution for OT asset management.
