
Much talk on cybersecurity focuses on the issues within the ever-expanding enterprise. This generally refers to the security implications of the hyper-connected enterprise network with a multitude of endpoints. However, the advent of ‘Industry 4.0’, with the automation of manufacturing that it brings, means that once-closed operational technologies are now connected to a wider IT infrastructure. Operational Technology, or OT, is an industrial technology that is increasingly converging with IT. As a result, these converged systems, often in the form of Industrial IoT (IIoT), are facing increasing cybersecurity threats.

And the result is stark: a 2020 report into OT security found that 90% of organizations had at least one OT system intrusion incident.

When OT and IT merge

Operational Technology (OT) is used to control physical systems such as those found in manufacturing. It extends to cover Industrial Control Systems (ICS) and the ICS management framework, as well as Supervisory Control and Data Acquisition Systems (SCADA). Information Technology (IT) is used to control the sharing, collaboration, and use of data using apps, servers, endpoints, etc.

Industry 4.0 is driving manufacturing and related industries to a new era. The needs of the new manufacturing paradigm are heavily dependent on data. Technologies such as robotics and automation depend on data and advanced data analytics to operate. The smart machines of Industry 4.0 are connected. This connection allows data to be captured, shared, analyzed and used to optimize industrial systems, merging IT and OT.

A July 2020 alert from NSA and CISA (Cybersecurity and Infrastructure Security Agency) sums up the serious nature of OT-IT convergence, stating “all DoD, NSS, DIB, and U.S. critical infrastructure facilities should take immediate actions to secure their OT assets.”

By merging OT with IT, the previously siloed and protected systems that manufacturing used are now open to the same kinds of security threats normally targeted at IT systems. This includes ransomware and Distributed Denial of Service (DDoS) attacks.

The cybersecurity issues when OT merges with IT

In 2018, Kaspersky explored the security implications of merging OT with IT. Their findings show some shocking realities of the meeting of IT systems with manufacturing technologies.

The reality of connecting IT with OT is described in the IBM X-Force “Threat Intelligence Report Index 2020”. The findings of the report show a massive 2000% increase in cyber-incidents impacting OT infrastructures. The report also highlights the increasingly destructive nature of these attacks, with ransomware attacks against OT environments up by 67% in 2019.

Examples of attack types in OT environments

Security attacks range from protocol vulnerability attacks through data theft to DDoS/IoT bot attacks. These are some examples of the range of cybersecurity threats in the OT space:

- OT security issue: software vulnerabilities

A recent vulnerability affecting all Windows servers was discovered in third-party code used by some of the top manufacturers of industrial control system (ICS) software. A CISA advisory on the issue states that “Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code-execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter.”

- OT security issue: a RAT

A RAT, or Remote Access Trojan, is malware that works by stealth, creating a backdoor that lets hackers control and administer cyber-attacks remotely. PoetRAT was identified by researchers at Talos Intelligence and is believed to be behind attacks against the Azerbaijan government and utility companies. Word documents were used to drop the malware into a system. The RAT targeted (amongst others) the SCADA sector, including wind turbine systems.

- OT security issue: state-sponsored attacks

State-sponsored hacking groups target critical infrastructures for intelligence and disruption purposes. There are a number of such groups using a variety of techniques to perpetrate cyber-attacks. The North Korean hacking group Lazarus is an infamous example. Often, these groups use highly sophisticated tactics that focus on OT-IT convergence. The MATA malware is a framework that consists of several components, including a loader, orchestrator, and plugins which can be used on multiple operating system types. The Lazarus group is known to have used MATA to attack a number of countries such as Japan, Germany and India.

5 Tips to protect OT environments

To protect operational security environments there are some baseline protective measures that should be put in place:

  1. IT/OT security awareness: Security awareness that covers OT and IT is an important part of general awareness training. Employees at both the shopfloor and management levels should receive training on phishing awareness and security hygiene.
  2. Extend security policies to cover OT: OT security threats are increasingly likely. Ensure that security policies reflect the types of cyber-threats against OT systems, such as IoT devices and SCADA. Add in the points where IT systems and OT merge to ensure that gaps in security are properly covered.
  3. Know your supply chain: Vendors that feed into the supply chain may themselves be subject to OT security attacks. This can lead to threats across and up the supply chain. Know who your vendors are, what operational technology environment they have, and what security measures they use to protect their OT-IT systems.
  4. Use Network Monitoring and Automatic Asset Discovery tools: Knowing what assets you have is a baseline requirement to work out risk areas and levels to apply the correct security measures. Make sure you have a robust OT asset inventory in place and use asset discovery tools on a regular basis.
  5. Patch management: Patching firmware and OT software can be more complicated than within an IT environment, but it is just as important. Having an asset inventory that is regularly updated is the starting point. An end-to-end patch management system specifically designed for OT environments may be required.
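
Tips 2, 4 and 5 can be combined into one routine check. The following is an added example, not part of the original article: it reconciles an OT asset inventory against passively observed network flows and reports unknown devices, IT hosts speaking industrial protocols into the OT zone, inventoried assets that were never seen, and firmware that lags the vendor release. All addresses, asset names and versions are constructed sample data, and the subnet layout is an assumption.

```python
import ipaddress

# Constructed sample data: subnet, hosts and firmware versions are assumptions.
OT_ZONE = ipaddress.ip_network("10.20.0.0/24")
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

INVENTORY = {  # ip -> (asset name, installed firmware, latest vendor firmware)
    "10.20.0.10": ("plc-line1", "2.8.1", "2.9.3"),
    "10.20.0.11": ("hmi-line1", "5.1.0", "5.1.0"),
    "10.20.0.20": ("historian", "7.0.2", "7.0.2"),
    "10.20.0.30": ("rtu-pump", "1.4.0", "1.4.0"),
}

FLOWS = [  # (src, dst, dst_port) as exported by a passive network monitor
    ("10.20.0.11", "10.20.0.10", 502),
    ("10.20.0.10", "10.20.0.20", 44818),
    ("10.20.0.77", "10.20.0.10", 502),    # OT-zone host missing from inventory
    ("192.168.5.40", "10.20.0.10", 502),  # office IT host speaking Modbus to a PLC
    ("192.168.5.40", "10.20.0.20", 443),  # IT host reading the historian over HTTPS
]

def in_ot(ip):
    return ipaddress.ip_address(ip) in OT_ZONE

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def reconcile(inventory, flows):
    """Compare what the network shows with what the inventory claims."""
    unknown, cross_zone, seen = set(), [], set()
    for src, dst, port in flows:
        for ip in (src, dst):
            if in_ot(ip):
                seen.add(ip)
                if ip not in inventory:
                    unknown.add(ip)          # device on the OT network nobody recorded
        if not in_ot(src) and in_ot(dst) and port in ICS_PORTS:
            cross_zone.append((src, dst, ICS_PORTS[port]))  # IT/OT merge point
    patch_lag = [(name, installed, latest)
                 for name, installed, latest in inventory.values()
                 if version_tuple(installed) < version_tuple(latest)]
    return {"unknown_assets": unknown,
            "it_to_ot_ics": cross_zone,
            "silent_assets": set(inventory) - seen,  # stale entry or blind spot
            "patch_lag": patch_lag}

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, FLOWS).items():
        print(finding, sorted(items))
```
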
