Four ways to protect your OT environment from cybersecurity incidents
When it comes to physical infrastructure and security, operational technology (OT) has often been overlooked, giving hackers an easy backdoor into critical systems.
With increased networking of OT equipment – such as building management systems (BMS), uninterruptible power supplies (UPS), and heating, ventilation, and air conditioning (HVAC) systems – it's more important than ever to address these previously unguarded threats.
The risks associated with physical infrastructure are now recognised by the vast majority of companies, with 70% considering an attack on their OT infrastructure likely, according to a recent State of Industrial Cybersecurity report.
Compromised OT networks not only enable hackers to meddle with operational infrastructure, they can also enable bad actors to travel through laterally and infiltrate other areas of your networks, potentially granting access to highly sensitive data.
As such, the OT security challenge can be complex to navigate, let alone prevent: the attack surface is often incredibly wide, covering every networked device, many of which were never intended to be networked. To make things worse, OT devices are often exposed to regular third-party access.
Hackers are, therefore, wising up and exploiting these weaknesses. Unlike IT attacks, which typically target the biggest number of users, OT attacks focus on a specific weakness within a single target. For example, it may be as simple as a UPS network card that requires a security patch.
To safely navigate this complex OT security landscape, organisations are well advised to put into practice the following four action points:
A comprehensive asset inventory is the foundation of any effective OT security strategy. Before you can begin to manage your network, you need to understand which assets are connected to it, where they are, how they communicate, how they are supported and what contracts you have in place for the duration of their lifecycle.
All it takes is for one IoT device, such as a fire alarm box with dubious admin credentials, to be added to your network and make it vulnerable, so the first crucial step is gaining visibility of all the individual components and risks.
Network managers also need a clear, preferably real-time, view of who can access OT systems. Recent research reveals that 40% of OT security decision makers say third-party access to their network is one of their biggest security risks. For example, there are countless examples of contractors and supply chain partners having their log-in credentials stolen, or unwittingly infecting OT and IT networks with malware. Despite these clear and present dangers, less than half of organisations say they have a third-party access policy which applies to OT.
Modern data centre infrastructure management (DCIM) software is just one way to help overcome many of these challenges. For example, open and vendor-agnostic software solutions that leverage artificial intelligence (AI), machine learning and data analytics will automatically monitor, measure, and manage large, sprawling OT/IT networks, providing powerful insights that enable detailed systems planning and modelling. Networked DCIM solutions, such as Schneider Electric's EcoStruxure IT, allow users to monitor their infrastructure regardless of its location, whether at the network core or at the edge.
If it's impossible to guarantee the security of OT infrastructure, segregation is often the second-best option. One way to successfully segregate physical infrastructure is to create two parallel networks – one classified and the other unclassified.
The classified, ultra-secure network will feature high-trust resources capable of safely dealing with sensitive data and critical assets. Suspect devices, however, should be connected to the secondary unclassified network, which is isolated from critical resources to ensure security cannot be breached.
The costs associated with two parallel networks with separate terminals, switches, routers, and internet access points can be high. Depending on the level of security required, virtual LANs (VLANs) can provide a degree of network segregation without breaking the bank. VLANs themselves, however, need strict access controls, including logging and auditing.
DCIM software can prove invaluable when it comes to identifying exactly which suspect OT devices need to be segregated.
A two-pronged approach to ensure ongoing and proactive device security is highly recommended. On the one hand, a vendor-agnostic DCIM platform can provide real-time visibility of critical assets with proactive alerts regarding security issues and vulnerabilities. On the other, it's advisable to have a strict regime of patching and updating firmware, securing SNMP on every device, and carrying out regular penetration testing to increase security.
Reputable manufacturers will be able to provide details of the patching and firmware support they offer for their products. Some organisations use third-party patch providers. While this may be cheaper, third parties may not necessarily have access to the manufacturer's core software in order to carry out the very latest firmware updates.
It's also critical that you devise a support plan for the full lifecycle of your devices. OT infrastructure service life tends to be significantly longer than that of IT devices, and companies have historically continued to use OT hardware beyond the period supported by the manufacturer. Companies that insist on taking this approach need to make an important judgement call: do they retire physical infrastructure when support ends, or are they willing to risk malicious actors taking advantage of unpatched and obsolescent firmware?
Visibility and real-time insight are ultimately key to designing and maintaining a strict security patching regime. You need to know what devices are on your network, the level of manufacturer support they require, when that support is scheduled to end and what hardware is already unsupported and poses a security risk.
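The asset-inventory and lifecycle points above come together in a simple triage pass over the inventory. The following is an added example (not Schneider Electric's code nor part of any DCIM product) that checks each constructed asset for expired or expiring manufacturer support, firmware behind the vendor's latest release, SNMP versions without authentication, and third-party access, and flags which devices are candidates for the isolated, unclassified network. Device names, versions and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Asset:
    name: str
    kind: str              # UPS, BMS, HVAC, fire alarm ...
    firmware: str          # firmware version currently installed
    vendor_latest: str     # latest firmware the manufacturer publishes
    support_end: date      # end of manufacturer support
    snmp_version: str      # "v1", "v2c" or "v3"
    third_party_access: bool


def version_tuple(version):
    """Turn '2.1.3' into (2, 1, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def assess(asset, today, horizon_days=180):
    """Return (findings, segregate): text findings and whether the device
    should move to the isolated network until it is patched or retired."""
    findings = []
    if asset.support_end < today:
        findings.append("unsupported: past manufacturer support end")
    elif asset.support_end - today <= timedelta(days=horizon_days):
        findings.append(f"support ends within {horizon_days} days")
    if version_tuple(asset.firmware) < version_tuple(asset.vendor_latest):
        findings.append(f"firmware {asset.firmware} behind vendor latest {asset.vendor_latest}")
    if asset.snmp_version != "v3":
        findings.append(f"SNMP {asset.snmp_version} lacks authentication and encryption")
    if asset.third_party_access:
        findings.append("third-party access: needs an OT access policy with logging")
    # Unsupported or unpatched devices are 'suspect' and belong on the unclassified network.
    segregate = any(f.startswith(("unsupported", "firmware")) for f in findings)
    return findings, segregate


# Constructed reference date and inventory for the example.
TODAY = date(2025, 3, 1)
INVENTORY = [
    Asset("ups-01", "UPS", "2.1.0", "2.1.3", date(2027, 1, 1), "v2c", True),
    Asset("bms-core", "BMS", "5.4", "5.4", date(2024, 6, 30), "v3", False),
    Asset("hvac-roof", "HVAC", "1.0.2", "1.0.2", date(2025, 6, 1), "v3", False),
]


def triage(inventory, today):
    """Map each asset name to its (findings, segregate) result."""
    return {asset.name: assess(asset, today) for asset in inventory}
```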
It's easy to overlook physical infrastructure, which means OT is often omitted from disaster recovery (DR) and business continuity plans. This can cause major issues in the event of a cyberattack. An effective business continuity plan will include a comprehensive impact assessment of possible breach scenarios, details of damage that could be inflicted, how long affected systems can stay offline before seriously affecting operations and steps to take to mitigate risk.
Further preventative maintenance measures to safeguard critical infrastructure include backing up data as well as patching, firmware updates and device segregation. Regular testing of DR procedures also helps ensure your systems are robust and safe. At the same time, it's important to establish the degree of indirect access a compromised OT asset could provide to a malicious actor, whether to mission-critical processes, systems, or data.
Finally, it's vital that you adopt a risk-based approach to physical security and scale your response accordingly. For example, a cyberattack on an office block's building management system may not cause massive disruption, but a similar attack on a water treatment plant or a power station could endanger critical water and energy supplies to millions of people.
Physical infrastructure security is a journey, not a destination
Now that physical infrastructure assets are increasingly digitised and networked, it's imperative that businesses ensure their organisation has the latest OT cybersecurity protection.
Working with experts who have a clear view of physical infrastructure security is one of the best ways to ensure your critical assets are protected. A robust DR plan is also invaluable should the unthinkable happen and your OT systems become compromised.
Rather than being a "one-and-done" exercise, securing your physical infrastructure should be an ongoing process, ensuring your networks are secure now and well into the future.