Cyber-attacks and OT – safeguard this new feeding ground

Johan Potgieter, cluster industrial software leader at Schneider Electric

Before the advent of Industrial Internet of Things (IIoT), Operation Technology (OT) was safeguarded against most cyberattacks.  OT systems’ propriety nature, standards and hard-wired connectivity protected it against malicious attacks.

Cyber threats and incidents are a major operating and business risk for every digital enterprise. In age the of digitisation, creating and executing a strategy that allows you to see, reduce, and respond to cyber threats and risks is critical for achieving your financial objectives.

Now, we’re entering unchartered waters – the widespread integration of embedded devices and OT networks with corporate or IT infrastructure has created a new feeding ground for hackers.  Every endpoint in a factory or facility opens a path for accessing industrial controls with devasting effect.

An attack in the OT space can have direct impact on its physical surroundings such as a full grid outage or, in the most extreme cases, the loss of human life.  According to research authority Gartner, understanding digital risk means looking well beyond a sole connected object or database, identifying risk across your full extended digital enterprise.

“This end-to-end ecosystem includes supply chain and partners. Just as important, you must be able to communicate a clear digital risk strategy across your company and to your Board. After all, 78% percent of Board decisions are regularly influenced by risk data,” comments Gartner.

The antagonists

OT environments and devices are now faced with an alarming smorgasbord of vulnerabilities that include:

  • Wide systems attack surface – attackers aim to infiltrate and manipulate not just an individual company, but its entire ecosystem.  As mentioned, in today’s digital factory, there are hundreds —and even thousands — of connected devices now has an entry point which provides hackers have access to said ecosystem.
  • Legacy infrastructure – many of the systems that control the world’s most critical operations were installed and developed decades ago, before the advent of the IIoT These systems are built for the long haul and will properly run until plants are decommissioned.
  • Unique weaknesses – today’s industrial companies are faced with the reality that OT cyberattacks often target unique weaknesses for a very precise impact. Industrial hackers often focus more resources on attacking a specific weakness in a rare device to aim at a single target.
  • Exposure to third-party access – Compared to IT, OT environments are more likely to rely on vendors for ongoing support but less likely to formally manage the associated external risks. These vendors are often granted privileged access through their own laptops and USB devices, the Internet, or fully hosted environments with little control.

Effectively managing the risks

Considering the above, it’s clear that OT risks need to be dealt with proactively.  Whilst some practices might seem downright obvious, it forms an integral part of protecting OT environments.

For example, stricter password policies, basic training to employees and cybersecurity terms within suppliers’ contracts are all fundamental steps that can have a big impact on securing an ecosystem. Here are some recommended steps for securing the OT environment:

 

  1. Network segmentation

One of the most secure steps is network segmentation which include conduits and zone systems.   The factor is essentially divided into zones, with each being isolated from one another.

To allow the information to circulate, channels (conduits) are created between the different zones. These conduits allow only specific information to circulate, enabling the user to monitor it while blocking the rest of the incoming or outgoing information.

If attackers or malware have breached one zone, they will find difficult to pivot to another zone if controls such as a properly configured data diode, firewall, IPS, or IDS are in place.

  1. People and operating models

Human error and unintentional actions are estimated to be responsible for more than a fourth of network incidents. It is essential to implement mandatory, ongoing training that is consistently and continually adapted depending on the expected cybersecurity involvement of the worker.

Also, policies should be created and enforced to help formalise standards and guidelines.

Avoiding the cascading effect

There have been instances where cyberattacks where initially aimed at PCs and propagated to OT that are lot harder to protect and to patch. Here, the abovementioned network segmentation is a proven method to avoid the cascading effect.

Securing legacy infrastructure

How do you address the hurdles of legacy systems, particularly those have been designed to last 30 years or more?

The solution is to find practical and economically feasible solutions to protect legacy systems against potential vulnerabilities:

  • Keep all programming software locked in cabinets don’t connect it to any network other than the network that the devices are intended for.
  • Implement physical controls such that no unauthorised person has access to the systems.
  • Put control and safety system networks and remote devices behind firewalls., physically and logically segmenting it from the business network.
  • Scan all methods of mobile data exchange such as CDs or USB drives with an isolated endpoint running the latest antivirus signatures before authorising access to the OT environments.

At Schneider Electric our OT solutions focus on Permission, Protection, Detection and Response which in turn protect people, process and technology, ensuring industrial environments are safeguarded against targeted and malicious attacks.

 

By Johan Potgieter, cluster industrial software leader at Schneider Electric