As owners and operators of critical infrastructure converge their IT and Operational Technology (OT) departments and systems, they face increased cyber risk, warns Doros Hadjizenonos, regional sales director at Fortinet. Threat actors have quickly moved to target newly vulnerable OT systems with ransomware, for cyber espionage, or to engage in acts of cyber warfare.
The incidence of these attacks is picking up: in fact, recent Fortinet – Forrester Consulting research has found that 58% of OT owners and operators have had a breach in the past 12 months, and a staggering 80% have experienced a breach in the past two years. More than six in 10 respondents suffered compliance, financial, operational, and even physical safety impacts due to attacks on their ICS and SCADA systems.
This increased risk is threatening modernisation of everything from factories to refineries, utilities and telecoms infrastructure, with the number of operators with fully converged infrastructure actually dropping from 17% in 2018 to 15% today.
This step backwards deprives OT operators of the benefits of more effective and efficient monitoring of processes, the ability to leverage data from IoT devices to inform decision-making, and significant cost savings in power consumption, reduced raw materials waste, and employee efficiency.
A key challenge in energy, utilities and other OT environments is that many of the traditional security tools that work in other sectors simply will not work in the OT environment. Securing ICS/SCADA systems is complex, and is often approached in a fragmented manner. In addition, OT security tends to be reactive rather than proactive. OT operators are realising that they need to take a more strategic approach to tying the security of ICS and SCADA systems to the needs of the business, and for cybersecurity risk to be integrated into a company’s overall risk portfolio.
Four strategies for securing OT environments
To benefit from modernisation without increasing risk, OT operators have to move quickly on four key security priorities:
Zero Trust Network Access. All devices and all users must be scrutinised, logged, and monitored for vulnerabilities. NAC solutions can investigate devices for context (who, what, where, when, how), tie them to policy, control access based on role, and limit privileges to just those resources needed to do the job. Ongoing monitoring ensures devices comply with policy once they have been granted access.
Segmentation. When practicing a zero trust network access strategy, the assumption is that users, devices, and apps may have already been compromised and countermeasures must already be in place. Dynamically segmenting these devices, apps, and workflows, either at the point of access or when workflows and transactions are initiated, serves to limit the impact of a breach.
ICS/SCADA security. Cybersecurity teams must identify and deploy security tools that have been created expressly for the energy and utilities sector – they should be able to meet the demands of ICS/SCADA environments, function without disrupting delicate OT systems and sensors, support common protocols, and withstand the harsh physical conditions where they are often deployed.
Business analytics. Visibility is key. A proactive security posture that handles threats at speed is essential – it must be able to make use of advanced behavioural analytics to identify abnormal behaviour, quarantine offending devices, and safely detonate threats so attacks won’t impact live operations.
As guardians of critical infrastructure such as energy grids, mining and drilling operations, refineries, energy transportation and pipelines, the security teams who work in these organisations have an enormous challenge ahead of them. For those that do not have a fully built-out security operations centre (SOC), it often makes sense to collaborate with a well-resourced partner for intelligent network segmentation, advanced access controls, advanced malware detection and full network analysis and visibility.