With the Industry 4.0 megatrend, the energy, oil and gas, and manufacturing sectors across Asia are rapidly digitizing their operations. This transformation is necessary for companies to remain competitive through optimization and automation, particularly in light of the pandemic.
As the digitization trend continues, executives are sharpening their focus on cybersecurity to balance the risks of converging IT and operational technology (OT) with the many benefits it provides. This convergence exposes many systems such as safety instrumented systems (SIS), water flow meters, and hydraulic pumps along with vital information in data lakes, all of which is at risk of exploitation by threat actors.
While IT breaches typically take up more headlines, OT breaches can be far more critical, with the potential for successful attacks resulting in physical injury, harm, and death.
According to SANS 2019 State of OT/ICS Cybersecurity Survey, more than 50% of respondents across Asia perceive the level of OT and industrial control systems (ICS) cyber risk to their company's risk profile as either critical or high. One of the reasons for this shift in the threat landscape for critical infrastructure and key resources is the rise in geopolitical tensions.
For example, in 2019, US Cyber Command responded to a Russian threat actor's (Xenotime) activities threatening the US energy grid. Xenotime changed tactics, techniques and procedures (TTPs) and crossed borders and verticals from the Middle East oil and gas industry to the Asian and US energy and manufacturing sectors. The increase in attacks targeting ICS has highlighted gaps in OT security.
In this three-part series, I'll chronicle the digital transformation journeys that different organizations undertake, and provide a blueprint for Asian enterprises to incorporate OT and IoT security. These companies typically focus on three critical steps:
- Identify and protect its ‘crown jewels'
- Prepare a holistic cybersecurity transformation with a focus on IT/OT SOC integration
- Enhance operational efficiency and take measured steps towards preventative maintenance
Since we cannot manage what we cannot see, this article introduces the critical first steps of safely gaining asset and network visibility, and protecting it. In the subsequent articles, I will go into more detail on items two and three to provide a better understanding of how to build a resilient cybersecurity posture for organizations with industrial control systems.
There are several challenges in securing today's OT networks:
- While IT teams tend to have visibility on IT assets managed centrally at data centers, they have difficulty in obtaining a real-time view of OT assets. The nature of OT is that its assets can span a sweeping geographical footprint so the operators cannot easily identify and secure their vital critical assets.
- OT environments often consist of legacy equipment that can be sensitive to many types of network traffic. In some instances, these common IT solutions may slow the devices that keep the plant running safely. Even scant pinging or scanning of devices for vulnerabilities have created significant outages. With these risks, plant managers are hesitant to allow unproven solutions in their plant.
- OT cyberattacks have additional subtleties to typical IT incidences. Some are operational where the event may be accidental, such as a misconfigured device. Other threats may involve proprietary protocols whose communications cannot be evaluated by IT security tools.
When selecting an OT security and visibility solution to overcome these challenges, organizations should consider cyber solutions built and developed within the OT environment. They should also:
- Provide comprehensive OT network visualization and asset inventory without risk to the industrial process.
Asset inventory capabilities can identify characteristics such as device type and manufacturer, while network visualization can help quickly determine micro-segmentation requirements and provide a more comprehensive view of the topology.
- Deliver superior real-time OT and IoT threat monitoring that shortens the mean time to detection and response.
AI and machine learning can identify and alert known threats and anomalous events. With machine learning algorithms, critical assets and operational states are baselined so that even unknown activities are detected. An example is identifying unauthorized operational behaviour that may impact operations, e.g. online edits of programmable logic controller (PLC) actions such as start and stop.
- Deploy quickly and easily with mature technology that is ISO 9001 certified.
In summary, the initial steps in fingerprinting and mapping assets can help staff gain real-time visibility into their environment, enhance threat detection, and often satisfy audit and compliance requirements.
This insight provides a path for Asian organizations to advance their cybersecurity maturity, to optimize their environment for reliability and cost efficiency, and to strengthen their security posture as organizations digitally transform their operations.