Securing Your Critical Infrastructure

Blog | Posted: 12-01-2024

For IT professionals already working closely with Operational Technology, this blog will seem a little like teaching your grandmother to suck eggs. However, if you’re like most people and have never previously had to consider Operational Technology, or “OT”, because it has always been someone else’s bag, then you’ll find this an interesting read.

OT is the backbone of critical infrastructure in numerous sectors, like manufacturing, oil & gas, energy, utilities and transportation. Unlike attacks on IT environments, OT breaches can have life-threatening consequences, which is why OT and IT priorities differ; in IT, we are all about managing risk, but in the OT world, it’s all about the safety and availability of systems. 

Shockingly, 75% of OT organisations experienced a breach in the past 12 months, and 11% of OT organisations reported six or more breaches. Cyberattacks on OT can result in operational downtime, reputational damage and supply chain disruption, all of which have severe financial implications for other organisations, often consumers, and sometimes national infrastructures. You need only look to the Colonial Pipeline Co. attack of 2021 for a poignant illustration: it was caused by a leaked password and a lack of MFA on a traditional VPN, and it resulted in the US East Coast being cut off from its supply of petroleum for several days, causing consumer panic and soaring prices at the pumps!

The thing is, though, OT has always been there; it has just come crashing into the IT world more recently because those machines are now “online” and therefore susceptible to the same types of attacks as our IT environments. Only, OT cannot be protected in the same way that IT can: it generally doesn’t run recognised operating systems, often sits in air-gapped network spaces, is operated by OT professionals rather than IT staff, and is often running legacy software. Understanding the unique challenges that securing OT poses, and implementing robust and appropriate cybersecurity measures, is an organisational imperative for safeguarding our critical infrastructure. It’s no wonder that the UK’s NCSC decided to warn us of the emerging threat to critical national infrastructure back in April 2023. In the remainder of this blog, I’ll delve deeper into the evolving landscape of OT cybersecurity, exploring real-world examples, emerging trends, and effective solutions to protect against cyber threats.

Legacy Systems and Secure Remote Access

Running legacy systems is par for the course in OT environments, and the COVID pandemic thrust upon us the need to access these systems remotely and securely, probably for the first time. How do you achieve this when the systems you are connecting to are obscure in an IT context? Well, many solutions have been tried, tested and implemented, and secure remote access to OT is now as much a reality as it is for IT. There is a range of solutions in play, from more traditional VPN tools to the more modern secure remote access solutions that integrate with the identity and access management platform the organisation already uses for IT. This enables essential zero trust principles, such as verifying every user and session against that identity platform, to be employed for OT as well.

OLDSMAR WATER TREATMENT FACILITY, 2021

“Attackers planted malicious code on a water utility contractor site using vulnerable WordPress plugins. When an Oldsmar city employee visited the site, the code profiled the computer and allowed the attacker to exploit weaknesses like poor password security and outdated Windows 7 OS. The attacker then attempted to poison the water supply by increasing the level of lye in the water.”

In the quest for secure remote access, innovative technology providers like Cyolo and OPSWAT offer highly credible, secure options for OT professionals and their IT compadres; their advanced technologies integrate with an organisation’s existing environment to accommodate the wide range of protocols common to OT environments. These purpose-built platforms enable OT and IT workers to securely access the resources essential for their work, ensuring a seamless workflow without compromising the security of their organisation.

“Cyolo helped us to quickly adapt to a new reality of a remote workforce, with a hassle-free, speedy global implementation. With diverse users, including third parties, we were able to ensure productivity and maintain business continuity, without compromising our security.” 

In this example, Cyolo replaced the existing VPN and provided safe and secure access to sensitive internal applications for a global leader in the field of smart energy. The implementation and configuration process was completed in only 10 minutes and enabled access for every approved user without exposing the organisational network.

Securing Files

USB devices are consistently listed as one of the top cybersecurity vulnerabilities in IT as well as in the OT environments of critical infrastructure. Removable media and transient devices (such as USB drives) pose significant risks by potentially harbouring infected files, concealed malware, and malicious hardware or firmware. According to recent research, the average manufacturing employee can access over 27,000 sensitive files (e.g. financial data) on their first day on the job. These vulnerabilities are especially concerning because business stakeholders often require access to industrial operational data, and the media used to move that data inadvertently compromise network segmentation and breach air-gaps.

Unexpected downtime can be dangerous, destructive, and costly; for example, unplanned downtime in manufacturing is estimated to cost $50 billion per year. The same can be said for unauthorised access, as it can be very difficult to find a threat actor’s footprint and root them out once they have bypassed security controls and entered a system or network.

Industrial Control System (ICS) environments also serve as a gateway to organisations holding sensitive data, such as corporate and government IT networks. A breach in these systems could result in significant consequences for the affected organisation, including economic losses, reputational damage, and potential national security implications. 

OPSWAT’s technologies, purpose-built for critical infrastructure cybersecurity, assure security and minimise risk by leveraging 30+ antimalware engines and file vulnerability assessment, preventing unsafe files and binaries from causing harm. OPSWAT’s cybersecurity measures act as a shield, ensuring that removable media is thoroughly scanned for any malicious content before it is allowed anywhere near critical systems. If you accept that most malware executes via some sort of file, OPSWAT’s approach is to cut the attacker off at the knees: prevent malicious files from executing and you prevent the consequences. To really punctuate the level of efficacy and trust in these solutions, OPSWAT’s technologies have effectively safeguarded 98% of America’s nuclear facilities over the years.

Data Flow

Organisations often struggle with the complexities of network visibility and architecture. In air-gapped locations without Wi-Fi connectivity and IT enablement, organisations with an OT environment struggle to see the data and the network traffic that is moving around their infrastructure. This becomes highly challenging when they are trying to prevent OT from being compromised and to ensure the safety of their systems and of the people working on or relying on them. If a blind spot leads to system outages, organisations can be faced with, on average, $300,000 per hour of downtime. And if blind spots open the door for attackers to launch a data breach, the global average cost of a data breach is $3.92 million.

Network packet visibility enables the untangling of the web of inefficiencies and gives clearer visibility into the environment. Garland Technology, a provider that purpose-builds technology for OT environments, solves this problem by creating a bridge between OT and IT. Garland Technology utilises network TAPs, which are connected in-line between two network appliances, like switches, routers, or firewalls, and pass a copy of the traffic to monitoring tools. Returning to OPSWAT’s portfolio, its Neuralyzer platform is purpose-built for monitoring, vulnerability detection and OT risk management; when Neuralyzer is fed by Garland Technology’s TAPs, organisations can achieve a level of visibility and management of their critical infrastructure that was previously unachievable.

The utilities industry is a serious target for cyber-attacks because of the potential disruption it can cause to nations and the threat to human life. For example, the attack on the US Colonial Pipeline resulted in the company paying a £3.1 million ransom, because the pipeline carries 45% of the East Coast’s supply of diesel, petrol and jet fuel.

Garland Technology recently undertook a project for a prominent multinational oil and gas company, where the objective was to deploy data diodes to fortify network access points. The incorporation of a robust network visibility fabric not only introduced secure visibility into an aging infrastructure but also streamlined connectivity complexities, leading to enhanced performance. This initiative played a crucial role in bridging the gap between OT and IT departments, ultimately bolstering defences against cybersecurity risks.

By implementing Garland Technology’s solutions alongside IT software like OPSWAT’s Neuralyzer or LogRhythm’s SIEM, organisations can gain full visibility and instrument the network in the most cost-effective manner, paving the way for informed decision-making and operational excellence.

Safeguarding Operational Technology is not just a corporate imperative; it is a critical step in ensuring the resilience of our essential infrastructure. The alarming statistics on OT breaches, coupled with the potential life-threatening consequences, emphasise the urgent need for effective cybersecurity measures.

Want to find out more? Reach out to a member of Distology to book in an enablement session.