Why OT cybersecurity should be a high priority
Cyberattacks on operational equipment, processes, systems, and platforms continue to rise. Hackers are targeting operational technology (OT), resulting in disorder and sometimes destruction. Many operating environments are left vulnerable because of a lack of means to detect and respond to these cyber intrusions. You’ve likely heard about the SolarWinds and Colonial Pipeline attacks, and there are many more examples added to the list of significant breaches every day. Coupled with legacy infrastructure and rapid digitisation in this space, a significant threat looms and it is only a matter of time before the impact of an OT cybersecurity breach proves disastrous. Beyond accessing and exploiting data, OT attacks create a level of disruption not seen before. The consequences of an OT cybersecurity breach have far-reaching implications; when the bad guys target assets that are essential for a functioning economy and society, the stakes are raised significantly. Traditionally, cybercriminals have set their sights on Information Technology (IT) to access data and information that can be stolen and used for their continued benefit. In addition to targeting data and information, OT focused cybercrime is also about gaining control of software or hardware that regulates physical systems and processes within critical infrastructure. Disruptions across platforms and systems that operate water and electricity plants, oil and gas plants, transportation systems, and mining equipment can and do affect communities, towns and cities. What makes OT so vulnerable? If it’s digitised, it’s a risk. Industry OT assets are evolving from legacy systems with outdated hardware and unpatched configurations to include new technologies that can leave gaps for hackers to leverage. Infrastructure sourced from multiple vendors without security considerations leaves open vulnerabilities that are notoriously hard to protect. The complexity of OT network assets means organisations frequently struggle to gain visibility of their operations, making it even harder to detect an intrusion. IT updates and vulnerability patching can be done on the fly; this isn’t the case for OT assets, which have longer lifecycles and less flexibility than IT assets, creating security holes and increasing exposure to threats. In the event of an IT breach, software can be turned off or isolated, but it’s not that simple to flick the switch on a critical service when availability is essential. For the organisations that provide these services, the risk of losing customers due to a breach might be high, but the cost of damage to reputation and equipment can be far more destructive to the business. Overcoming the OT cybersecurity challenges Proactive awareness and education are key. OT asset operators should be made aware that cybersecurity threats and risks need to be mitigated in the same way as occupational health and safety issues. In many ways, the risk of an OT breach is an occupational health and safety issue, as an attack could result in injury or even death. Placing cybersecurity on the list of formal training and education topics for employees will help engrain knowledge and understanding. Cyberattacks on OT environments frequently begin with Social Engineering, such as Phishing emails. So the importance of cybersecurity education in helping to mitigate and reduce the impact of a digitised operational control systems breach cannot be understated. Improving collaboration between OT/IT environments While OT/IT environments are different, they are increasingly interconnected and need to work together. Aligning security standards, processes, policies, and even teams across IT/OT serves as a more robust approach in responding to threats. Creating and sharing best practices is one thing but putting them into practice is another. Providing teams with the right tools to practice proactive cybersecurity across both IT and OT will strengthen the resilience of organisations facing these threats. Prevention is better than cure. Organisations with OT/IT environments need to start by understanding their assets and associated risks. Putting in place multifactor authentication, multi-patching, malware blockers, detection software, and forensic tools will get the basics right. Following this with an OT threat and vulnerability management platform to stay ahead of evolving threats can further protect these assets from OT security threats, allowing intrusions to be immediately exposed. Coupled with an effective and appropriate OT/IT cybersecurity education program, organisations can achieve effective security that will help to prevent their essential infrastructure from significant breaches.