We’ve had multiple reminders in 2021 that digital connectivity of IT and OT infrastructure requires proportional attention risk management to proactively neutralize ransomware and full array of attack vector focused on industrial environments.
With Increased Cyber Risk, OT Leaders Have an Opportunity to Shine
With Increased Cyber Risk, OT Leaders Have an Opportunity to Shine
Rick Peters, CISO, Operational Technology, North America | Fortinet
Digital connectivity growth in the name of optimal business efficiency for Operational Technology (OT) translates into heightened cyber physical risk that can impact safety and continuous operations well beyond the scope of the normal workday. The increased pace of innovation and the drive to access greater volumes of data have produced an expanded attack surface that’s attractive to a growing number of cyber opportunists seeking to disrupt or even disable OT business. The motivation of bad actors ranges from a pure profit motivation via extortion, to testing the resilience of infrastructure, to creating a climate of uncertainty and coercing action by executives in the government and commercial sector. Headlines are compelling and amplify the success of attacks on OT infrastructure from large enterprise business in energy and manufacturing to smaller more discrete targets at the municipal utilities level. We’ve had multiple reminders in 2021 that digital connectivity of IT and OT infrastructure requires proportional attention risk management to proactively neutralize ransomware and full array of attack vector focused on industrial environments.
One of the more significant reminders this year was the attack against Colonial Pipeline in May, which led the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to issue an advisory urging critical infrastructure (CI) asset owners and operators to take on a higher state of awareness due to the attack. Colonial Pipeline certainly isn’t the first or last of its type, and bad actors have raised cyber campaign attention given the increased opportunity and the profit that can be realized through successful disruption and theft of intellectual capital across a complete range of IT and OT sector targets. The silver lining here is that the recent magnified cyber-attack attention creates opportunity for OT leaders to excel by demonstrating their cybersecurity acumen.
Spotlight on attacks against the OT sector
Attacks on OT networks and organizations in critically important sectors heightened executive situational awareness and a demanded significantly greater attention over the past year. A recent report by ESG found that 66% of organizations reported known or suspected successful OT attacks in the last 12 months, and 44% experienced a disruption of business processes that led to cancelled orders, financial penalties and missed deliveries.
The two most prominent attacks were the aforementioned Colonial Pipeline, which resulted in temporary but severe disruption of fuel supplies, and the attack on JBS, the world’s largest meat processor. These two incidents elevated ransomware to the level of a national security concern and reportedly prompted the U.S. Department of Justice to consider treating attacks like this with the same priority as terrorist attacks.
How the OT cyber threat landscape has changed
Arguably, these two cyber incidents targeting the utilities and food manufacturing sectors exposed the cyber physical impact and illustrated loss of consumer confidence post the initial event. The bottom line is that regardless of the OT gains realized via digital connectivity, the resulting evaporation of the airgap has served to increase the number of capable cyber adversaries turning their attention toward lucrative infrastructure that is much more susceptible to attack.
Exploits against supervisory control and data acquisition (SCADA) or industrial control systems (ICS) were formerly viewed as an infrequent subset of highly structured and often nation state sponsored targeted attacks. Relying on obscurity as a defensible strategy to the extent that cybersecurity is below the line as top 5 concerns is a certain invitation to bad actors seeking to benefit and demonstrate tradecraft. Absence of a defense in depth strategy would suggest that most enterprise OT assets don’t require proportional attention to counter a surge in OT incidents. But is that perception accurate considering modern threats? It doesn’t seem to be.
Though IT-related exploits are still more prevalent and attributable to a greater number of cyber campaigns,, the level of exploitation targeting OT is growing extensively according to FortiGuard Labs recent Global Threat Landscape report. This smashes the perception that ICS exploits are an obscure niche of the cyber threat landscape.
Breaking down the silos and gaining more visibility
What we’re witnessing because of these changes in the threat landscape is an increased need for integration between enterprise solutions and operational infrastructure. In most instances, these discussions aren’t about isolation – but rather, the aggregation of data that enables security practitioners to execute cost-effective decisions. Security considerations must extend to on-premises systems to include careful examination of the increased dependence on enabled IoT and IIoT devices.
It’s also important to focus on implementing an infrastructure control strategy to restrict and contain suspicious activity or behavior. At the very least, organizations should implement zero-trust access, which permits an individual, application or device to perform a specific role or function, but strictly limits the range and level of engagement. By insisting on earned trust and time-sensitive behavioral analysis, the enforcement of policy is reinforced to limit bad actor access if system access is compromised.
OT leaders who can successfully implement such policies at a comprehensive level will be able to gain a proactive advantage over the cyber criminals and limit target impact. While it’s inevitable that cyber criminals will try to attack your organization, their success doesn’t have to be a foregone conclusion.
Strengthen your position
For many, the Colonial Pipeline attack was an eye-opener, prompting the federal government to initiate more definitive action to protect infrastructure from cyber-attack than ever before. That’s a sensible and proper response, and one that organizations should mimic.
OT cyber events have also illuminated the serious consequences of inadequate investment and lack of proactive OT security best practices. OT system owners tend to think long-term, and this will serve them well as they choose the appropriate strategies and tools. Employing a proactive strategy to protect cyber physical assets requires attention to visibility, control, and behavior analysis that will protect every point of connection to the outside world. It’s time to be as agile and determined to protect your OT as bad actors are to attack it. For the cyber heroes of OT, now is your time to shine.
About Rick Peters
Rick Peters is the CISO for Operational Technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow
This post does not have any comments. Be the first to leave a comment below.
Post A Comment
You must be logged in before you can post a comment. Login now.
SafetyChain is the 1 Plant Management Platform purpose-built to improve yield, maximize productivity, and ensure compliance standards for process manufacturers. With fully integrated tools for production, safety and quality, and supplier management, our configurable cloud-based software drives real-time visibility and control to optimize performance across all of your manufacturing locations. From receiving to loadout, SafetyChain is trusted by over 1,500 facilities as their complete solution to capture, manage and analyze critical operations and continuous improvement data from anywhere, at any time, on any device.