Gone are the days when security threats were confined to IT. With core industries moving rapidly towards IoT, connecting to various networks and sharing data, security weaknesses in Operational Technology (OT) networks are clearly becoming a mainstream concern.
A recent study from Kaspersky noted that 77 percent of security professionals in industrial environments believe their organizations are likely to become targets of a cybersecurity incident. At the same time, 48 percent of respondents said they do not have a specific OT/ICS incident response program, while 31 percent revealed that their organizations experienced one or more incidents in 2017.
It is evident that closing security gaps in industrial environments is the need of the hour. Here are the top seven security gaps:
WannaCry and Petya, the two biggest malware threats of the past few years, did not specifically target industrial networks, but they did reach them. These threats proved that weak security defences in and between IT and OT networks make it inevitable that OT will be attacked.
The prime reason WannaCry was so destructive is that it targeted organizations running outdated versions of Windows, some as old as Windows XP, which no longer receive security updates and patches, leaving them completely vulnerable.
Attacks on Popular OT Tools
In May of this year, Tenable Research issued a warning about vulnerabilities in two Schneider Electric applications widely used in the United States for managing industrial processes in oil and gas, and other industries.
The vulnerabilities shone a stark light on the weaknesses of cyber security vendors and internal security teams, both of which have devoted considerable resources to IT while neglecting industrial environments.
Insecure Controllers Are Prevalent
Today, many organizations with OT networks face a massive challenge to maintain operational efficiency and improve network security at the same time. The challenge stems from the fact that organizations have a mix of vulnerable legacy controllers and newer Internet-based ones.
Legacy controllers are vulnerable because they lack critical security functionality that is common in newer technologies. Organizations often choose not to update or patch older systems, preferring operational efficiency over network security.
When an accidental or negligent change is made to an OT network, it can have consequences that are just as devastating as an external attack. The source of the change is immaterial; it does not matter whether it originates from an employee or a third-party contractor.
‘Air Gap’ Myth
Until recently, industrial networks were separated from the rest of the world by air gaps. In theory, an air gap is a great security measure because it separates the industrial network from the business network and therefore protects it. However, in today's Internet-centric world, air gaps do not exist: the IT and OT worlds are increasingly interconnected, and OT is therefore more exposed to attack.
Whether a disgruntled employee steals code, sabotages a production line, or poisons a recipe, the impact can be catastrophic. Having real-time visibility into the network will not prevent a disgruntled person from performing malicious activity, but it will rapidly identify threats. Ideally, visibility should include an intrusion-detection system that analyzes network traffic and active device integrity checks to identify threats.
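The three preceding points (unauthorized changes, the air-gap myth, and traffic analysis plus device integrity checks) describe what network visibility in an OT environment should catch. The following is an added example, not code from the article or from any vendor it mentions: a minimal rule-based monitor in Python that flags IT-zone hosts talking directly to OT controllers, flags state-changing commands from anything other than an approved engineering workstation, and compares controller configuration fingerprints against a known-good baseline. The zone address ranges, the approved-workstation list, the generic command names and the flow records are all constructed for illustration.

```python
"""Added example (not from the article): a minimal OT network-visibility monitor.

It applies three checks the article's text calls for:
 1. segmentation ("air gap") violation: a host in the IT zone talking directly
    to a controller in the OT zone;
 2. unauthorised change: a write/configuration command to a controller from a
    source that is not an approved engineering workstation;
 3. device integrity: a controller's current configuration hash differs from
    the last known-good baseline.
Zone ranges, the approved list and the flow records below are constructed.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

# Constructed zone definitions (assumed addressing; not from the article).
IT_ZONE = ipaddress.ip_network("10.10.0.0/16")
OT_ZONE = ipaddress.ip_network("192.168.100.0/24")

# Approved engineering workstations allowed to push changes to controllers (assumed).
APPROVED_ENGINEERING = {"192.168.100.50"}

# Generic names for commands that modify controller state (illustrative labels,
# not a specific protocol's exact function codes).
WRITE_COMMANDS = {"write_coil", "write_register", "program_download", "config_change"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    command: str  # e.g. "read_register", "write_register"


def zone_of(ip: str) -> str:
    """Map an address to the constructed IT / OT zones."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_ZONE:
        return "OT"
    if addr in IT_ZONE:
        return "IT"
    return "UNKNOWN"


def analyze_flows(flows):
    """Return a list of (severity, reason, flow) alerts for suspicious traffic."""
    alerts = []
    for f in flows:
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        # Check 1: IT-zone host reaching an OT controller directly (no real air gap).
        if src_zone == "IT" and dst_zone == "OT":
            alerts.append(("high", "IT host communicating directly with OT device", f))
        # Check 2: a state-changing command from a source that is not an approved EWS.
        if dst_zone == "OT" and f.command in WRITE_COMMANDS and f.src not in APPROVED_ENGINEERING:
            alerts.append(("critical", "write command from unapproved source", f))
    return alerts


def config_fingerprint(config_bytes: bytes) -> str:
    """SHA-256 of a controller's configuration / logic image."""
    return hashlib.sha256(config_bytes).hexdigest()


def check_integrity(baseline: dict, current: dict):
    """Compare current controller fingerprints against a known-good baseline.

    Returns the device IDs whose configuration drifted or that have no baseline.
    """
    return [device for device, fp in current.items() if baseline.get(device) != fp]


# --- constructed sample data -------------------------------------------------
SAMPLE_FLOWS = [
    Flow("192.168.100.50", "192.168.100.10", "write_register"),  # approved EWS: ok
    Flow("192.168.100.60", "192.168.100.10", "read_register"),   # HMI read: ok
    Flow("10.10.5.23", "192.168.100.10", "read_register"),       # IT host -> PLC
    Flow("10.10.5.23", "192.168.100.11", "program_download"),    # IT host pushes logic
    Flow("192.168.100.60", "192.168.100.11", "write_coil"),      # HMI writing: unapproved
]

BASELINE_CONFIGS = {
    "PLC-10": config_fingerprint(b"ladder-logic-v1"),
    "PLC-11": config_fingerprint(b"ladder-logic-v7"),
}
CURRENT_CONFIGS = {
    "PLC-10": config_fingerprint(b"ladder-logic-v1"),           # unchanged
    "PLC-11": config_fingerprint(b"ladder-logic-v7-modified"),  # drifted
}

if __name__ == "__main__":
    for sev, reason, f in analyze_flows(SAMPLE_FLOWS):
        print(f"[{sev}] {reason}: {f.src} -> {f.dst} ({f.command})")
    for dev in check_integrity(BASELINE_CONFIGS, CURRENT_CONFIGS):
        print(f"[integrity] {dev} configuration differs from baseline")
```

Run on the constructed flows, the monitor raises two "high" alerts for the IT host touching controllers, two "critical" alerts for write commands that did not come from the approved workstation, and reports PLC-11 as drifted from its baseline. In a real deployment the flow records would come from a passive network tap or span port and the fingerprints from periodic, read-only polls of each controller; the point of the example is that both traffic analysis and integrity checks are needed, since a change pushed from an approved workstation is invisible to the first check and only caught by the second.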
Waiting for a Reason to Worry
One of the leading CISO concerns today is business risk. To minimize risk, organizations often adopt a top-down approach to securing all technologies as effectively as possible. This solid approach is rarely followed in the OT world because many people believe they should not worry until some event causes them to do so.