The increasing frequency and sophistication of successful OT cyberattacks is a wake-up call for all plant operators, control engineers, IT network operators and cybersecurity teams, both in IT (Information Technology) and OT (Operational Technology).
Defenses that are layered but weak, stretched from the network edge to the data center across a growing number of managed and unmanaged devices and assets in today’s production and utility networks, give attackers the upper hand. Protecting human life, avoiding environmental hazards, and minimizing disruption to processes and operations are all aspects to consider when protecting against today’s cyber threats. To proactively secure mission-critical OT, organizations should consider the following as they plan their cybersecurity strategies for 2022 and beyond.
#1: The attack surface is getting bigger
Several factors have contributed to the massive expansion of the global cyberattack surface. The development toward Industry 4.0, with its focus on process automation and real-time data acquisition and exchange, plays a paramount role. These circumstances favor a wave of attacks on ICS, OT, IIoT and IoT systems that are no longer proprietary, isolated or on shielded networks. With IT/OT convergence, networked control systems are now intermingled with IT-bound enterprise networks, leading to additional security risk from cross-contamination of traffic between LAN, WAN, Internet, Wi-Fi, control networks and CIP protocols.
The problem is that in most OT ecosystems, cybersecurity hygiene is limited. Typical security measures such as AV, EDR, SIEM, SOAR and SSO solutions, including authentication, authorization and auditing (AAA) services, are of little use. Organizations must adopt effective tactics, techniques and procedures (TTPs) designed specifically for OT to protect their assets. That effort requires rethinking security principles around OT’s priority order: availability, integrity, confidentiality.
#2: Ransomware as the cyberweapon of choice
Ransomware may have been around for nearly two decades, but it’s definitely not a thing of the past. The simplicity of ransomware services coupled with their potential for profitability, as well as the mainstreaming of remote work during the COVID-19 pandemic, has made ransomware a weapon of choice for attackers. According to the US Treasury Department, ransomware activity in the first six months of 2021 totaled $590 million, dwarfing the $416 million in activity for all of 2020.
Findings from 2021 show criminal threat actors using machine learning and coordinated exploit sharing on the dark web to further refine their phishing campaigns. The rise of cryptocurrencies has made the situation worse, as criminals can now easily hide digital payouts without fear of law enforcement intervention.
#3: Regulations are getting stricter
Government regulations are evolving rapidly in response to businesses shifting to more remote operations during the pandemic. These dynamics can lead to further challenges for OT operations. Governments and standards bodies have established clear guidelines for secure design and risk assessment in the ISA/IEC 62443, NERC CIP, NIST 800-53, ISO 27001, TSA Pipeline, DHS CFATS and ISA S99 series of standards. All of these specifications point to the standardized NIST Cybersecurity Framework (CSF), which many companies have yet to adopt.
To defend against cyber threats and address OT/IT convergence, owners of critical ICS infrastructure should adopt a comprehensive risk framework that includes standard concepts such as security by design, defense-in-depth, and zero trust.
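As an added example (not part of the original article or any vendor's product), the following Python script illustrates both the cross-contamination risk described under #1 and the zone-based defense-in-depth prescribed above. It checks exported flow records against an ISA/IEC 62443-style zone-and-conduit policy and flags CIP/EtherNet/IP traffic originating in IT or Wi-Fi zones, connections into the control zone with no permitted conduit, permitted conduits carrying services they should not, and endpoints outside any defined zone. The zone addressing, the conduit table and the flow lines are constructed for the example; the only real-world values are the standard EtherNet/IP ports 44818/tcp and 2222/udp.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Zone map: hypothetical addressing constructed for this example.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "IT_CORP": ipaddress.ip_network("10.10.0.0/16"),
    "IT_WIFI": ipaddress.ip_network("10.20.0.0/16"),
    "OT_DMZ": ipaddress.ip_network("10.50.0.0/24"),
    "OT_CONTROL": ipaddress.ip_network("192.168.100.0/24"),
}

# EtherNet/IP carries CIP on 44818/tcp (explicit messaging) and 2222/udp (implicit I/O).
CIP_SERVICES: FrozenSet[Tuple[str, int]] = frozenset({("tcp", 44818), ("udp", 2222)})

# Permitted conduits between zones (constructed). None = any service; otherwise an allow-list.
ALLOWED_CONDUITS: Dict[Tuple[str, str], Optional[FrozenSet[Tuple[str, int]]]] = {
    ("OT_CONTROL", "OT_CONTROL"): None,
    ("OT_DMZ", "OT_CONTROL"): frozenset({("tcp", 44818)}),  # DMZ historian polling PLCs
    ("IT_CORP", "OT_DMZ"): frozenset({("tcp", 443)}),        # corporate users reading the DMZ historian
}

# Violation codes returned by check_flow.
UNZONED_ENDPOINT = "UNZONED_ENDPOINT"
CIP_OUTSIDE_OT = "CIP_OUTSIDE_OT"
NO_CONDUIT = "NO_CONDUIT"
SERVICE_NOT_ALLOWED = "SERVICE_NOT_ALLOWED"


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def zone_of(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Return the zone containing ip, or None if it lies outside every defined zone."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def parse_flow(line: str) -> Flow:
    """Parse one 'src,dst,proto,dport' record from a flow export."""
    src, dst, proto, dport = (field.strip() for field in line.split(","))
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport))


def check_flow(flow: Flow) -> Optional[str]:
    """Return a violation code, or None if the flow is consistent with the conduit policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    service = (flow.proto, flow.dport)
    is_cip = service in CIP_SERVICES
    touches_ot = any(z is not None and z.startswith("OT_") for z in (src_zone, dst_zone))
    if not touches_ot and not is_cip:
        return None  # plain IT-to-IT traffic is outside the scope of this policy
    if src_zone is None or dst_zone is None:
        return UNZONED_ENDPOINT  # e.g. an Internet address reaching the control zone
    if is_cip and not (src_zone.startswith("OT_") and dst_zone.startswith("OT_")):
        return CIP_OUTSIDE_OT  # control protocol leaking across the IT/OT boundary
    if (src_zone, dst_zone) not in ALLOWED_CONDUITS:
        return NO_CONDUIT
    allowed = ALLOWED_CONDUITS[(src_zone, dst_zone)]
    if allowed is not None and service not in allowed:
        return SERVICE_NOT_ALLOWED
    return None


def evaluate_flows(text: str) -> List[Tuple[str, str]]:
    """Run every non-comment line of a flow export through check_flow; return (line, code) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        code = check_flow(parse_flow(line))
        if code is not None:
            findings.append((line, code))
    return findings


# Constructed sample export (src,dst,proto,dport); not real traffic.
SAMPLE_FLOWS = """\
# src,dst,proto,dport
192.168.100.10,192.168.100.20,tcp,44818
10.50.0.5,192.168.100.20,tcp,44818
10.10.5.7,10.50.0.5,tcp,443
10.10.5.7,192.168.100.20,tcp,44818
10.20.3.4,192.168.100.20,udp,2222
10.10.5.7,192.168.100.30,tcp,22
10.10.5.7,10.50.0.5,tcp,3389
10.10.5.7,10.10.9.9,tcp,44818
203.0.113.9,192.168.100.20,tcp,44818
10.10.1.1,10.10.2.2,tcp,443
"""

if __name__ == "__main__":
    for record, code in evaluate_flows(SAMPLE_FLOWS):
        print(f"{code:20s} {record}")
```

The first three records and the last one pass (intra-control CIP, the DMZ historian conduit, corporate HTTPS to the DMZ, and out-of-scope IT traffic); the remaining six are reported. In practice the zone map and conduit table would be generated from the segmentation design rather than hand-written, and the same check can run continuously over NetFlow or firewall logs to catch the drift that IT/OT convergence introduces.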