As we have discussed in previous articles on our blog, smart technologies are advancing at an unprecedented speed. New technologies and IoT devices allow operational technology (OT) infrastructures to connect to the information technology (IT) realm, receiving data and controls from Internet-connected devices. While this creates amazing opportunities and technological advancement, such as simplified process control, real-time visibility, and decreased unplanned downtime, connecting OT devices to the Internet makes them vulnerable to an additional world of threats and attack types. Companies and facilities must strictly protect their industrial control system (ICS) and SCADA networks, since a breach can cause damage to an electrical grid, an oil rig, or even to emergency services systems during a crisis.
Questions about IT/OT convergence arise, exploring the blurred area where IT ends and OT begins. Here are four big security concerns pertaining to IT/OT convergence:
1. IoT is EVERYWHERE
The rise of IoT is happening, and many organizations have IoT devices connected to their ICS networks. But unlike OT network components, IoT devices are meant to be widely distributed and part of consumers’ daily lives. The outcome? Millions of vulnerable devices with weak protocols, whose manufacturers have probably sacrificed much of their security for quick production, low costs, and fast market introduction. Attackers can use IoT devices as easy entry points to infiltrate the organization’s network, and to reach its OT areas.
2. Threats made for OT/ICS Networks
Cyber threat groups are taking advantage of the ease of access that IT/OT convergence creates, and are inventing advanced attacks that are able to critically damage or shut down OT networks. Attacks on OT/ICS networks range from ransomware (such as LockerGoga), botnets and wipers, to data exfiltration and network reconnaissance tools. BlackEnergy, for instance, was used in a massive DDoS attack against an electrical power grid in Ukraine, leaving a whole district without power for six hours.
3. Different Priorities – One System
To properly secure an entire system, its security priorities should be consistent throughout the network. The problem is that IT and OT have different ones. In the IT realm, the top security priority is protecting data. The OT realm’s top priority, on the other hand, is availability. Control processes, production and supply plants must be working constantly, leaving little room to take the whole network offline to patch or update. The consequence is obvious: extremely vulnerable networks.
4. Tracking and Identifying Risk
Pretty much all security professionals are experts in the IT realm, but finding an expert on OT environment security is quite the challenge. The whole cyber security industry is dealing with a skill gap, but the lack of professionals experienced with OT systems leaves organizations without the proper security expertise. This situation bars most organizations from accurately identifying, measuring and tracking risk, both on the internal network support side, and the customer-facing side of things.
Facing these challenges, organizations with industrial networks can take a critical, active approach to reinforcing their security. The first step is understanding how IT and OT networks operate together, and identifying their meeting points to gain visibility into risk areas. Next, a strong layer of IT security guards all entry points to the network, so that no malware or hacker is able to enter. Finally, gaining visibility into all areas of the network helps operators see, understand and protect its different areas, including the most important (and most vulnerable) parts.
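
As an added illustration of the first step (identifying IT/OT meeting points), the following sketch is not from the original article. It classifies flow records by zone and lists every conduit that crosses into the OT network, marking those not on an approved list. The address ranges, the approved conduit, and the flow records are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed zone map (assumption): replace with your own address plan.
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "IoT": ipaddress.ip_network("10.20.0.0/16"),
    "OT":  ipaddress.ip_network("10.30.0.0/16"),
}
# Constructed allowlist of approved conduits into OT: (src zone, dst ip, dst port).
APPROVED = {("IT", "10.30.1.5", 443)}

# Constructed flow records in the form "src_ip,dst_ip,dst_port".
SAMPLE_FLOWS = """\
10.10.4.20,10.30.1.5,443
10.10.4.21,10.30.1.5,443
10.20.7.9,10.30.2.14,502
10.10.4.20,10.10.9.1,53
10.30.2.14,10.30.2.15,502
10.10.8.8,10.30.2.14,3389
203.0.113.7,10.20.7.9,23
"""

def zone_of(ip):
    """Map an address to its zone name, or EXTERNAL if it matches none."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"

def meeting_points(flow_text):
    """Count flows that cross a zone boundary into OT, keyed by conduit."""
    conduits = Counter()
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port = line.strip().split(",")
        if zone_of(dst) == "OT" and zone_of(src) != "OT":
            conduits[(zone_of(src), dst, int(port))] += 1
    return conduits

def unapproved(conduits):
    """Conduits into OT that are not on the approved list, sorted for review."""
    return sorted(c for c in conduits if c not in APPROVED)

if __name__ == "__main__":
    found = meeting_points(SAMPLE_FLOWS)
    for conduit in sorted(found):
        status = "approved" if conduit in APPROVED else "REVIEW"
        print(conduit, found[conduit], status)
```

On the constructed sample, the approved IT conduit appears twice, while an IoT device reaching an OT host on port 502 and an IT host reaching the same OT host on port 3389 are marked for review.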