Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine that explores innovations in science and technology.
Why are IT and OT security critical for preventing critical Infrastructure attacks? What approach puts an organization in the best position to defend from cyberattacks?
In the wake of several recent high-profile attacks on critical infrastructure, like the Colonial Pipeline attack of June 2020, businesses are starting to re-evaluate their approach to cybersecurity.
While businesses traditionally focus on IT security and rely on the air-gapping of OT systems to shield them from attack, growing integration of IT and OT systems via technology like IIoT sensors means that OT cybersecurity is becoming essential.
As cyber attacks become more frequent and amateur attacks on critical infrastructure become more regular, businesses will need to defend their OT systems. The right cybersecurity approach will allow businesses to defend IT and OT systems at the same time.
The Growing Importance of OT Security
Traditionally, operational technology security hasn’t been necessary or as important as IT security. OT systems were typically air-gapped by design, as they did not need to be connected to the internet.
The rise of industrial digitization has meant the proliferation of internet-connected OT systems and hardware like internet of things (IoT) sensors and equipment. OT systems are, in general, much more vulnerable to cyber threats than they have been in the past. This change, coupled with the growth of cyber attacks in general, means that organizations need to take greater care
Coordinating IT and OT Security Efforts
Another challenge for businesses is the integration of IT and OT operations. Often IT and OT systems are kept separate and managed separately despite the ongoing digitization of those OT systems. For example, employees managing the OT system may report to the COO, while IT workers report to the CIO.
This approach often results in a doubling of existing systems, and a complex network where solutions are unable to share data. Full visibility of network devices may be difficult or impossible to attain, and a standard business-wide security policy could be impossible.
Connecting Legacy Systems to the Internet
Legacy OT technology typically wasn’t built with security in mind, as it was expected to be air-gapped and remain disconnected from the internet for its lifespan. Connecting these legacy systems directly to a business’s IT infrastructure can put OT systems at risk.
The incorporation of remote-access systems can also create problems in a similar fashion.
How these OT systems are being connected may also present new risks. IIoT device security can make factory cybersecurity much more challenging, as businesses that successfully implement IIoT-based operational monitoring and predictive maintenance often use dozens or hundreds of individual IIoT sensors.
Each of these sensors presents another potential vector of attack for cyber criminals.
Coordinating the maintenance of a large IIoT fleet — especially one where sensors come from multiple manufacturers — can also be challenging. However, if not properly initialized and regularly updated, these sensors may be even more vulnerable to attack.
However, connection of OT and IT systems is seen as increasingly necessary. OT data can be essential for improving IT processes, and the integration of IT and OT is necessary for businesses that want to use technology like IIoT sensors for operational monitoring.
IIoT technology is, in general, at the intersection of IT and OT systems, and implementing it will require closing the air-gap that OT systems have traditionally depended on for security.
If businesses want to take advantage of the growing market of IIoT technology that enables new robotics, process optimization technology and predictive maintenance approaches, they’ll need to prepare for an OT-IT system that will require special care to secure.
Protecting OT-IT Systems From Cyber Threats
Basic cybersecurity best practices will lay the foundation for an effective OT-IT security strategy. Multi-factor authentication, patching, malware detection and network segmentation can all reduce the risk of a successful attack, as well as limit the risks that a device may pose if compromised.
A well-documented IT and OT cyber attack response plan will also help. The plan, which should include information like OT vendor contacts, documentation of backups and a cybersecurity maintenance schedule, will help ensure that workers know how to respond in the event of an attack or breach.
Updating a company’s OT asset inventory can help ensure that all devices are accounted for, and help cybersecurity workers know which devices are vulnerable to potential attack.
Investment in training will also be essential. Even workers who aren’t directly involved in the management of OT or IT systems should have a good understanding of cybersecurity basics — it’s not uncommon for hackers to use phishing attacks targeting executives to break into business networks.
IT and OT Security – How Managers of Critical Infrastructure Can Respond to Growing Cybersecurity Threat
Cybersecurity is likely to become even more essential for organizations that manage infrastructure in the future.
As the frequency of attacks on infrastructure increases, and as Industry 4.0 technology becomes more effective, OT cybersecurity will be necessary to defend organization networks against attacks.
Good security practices — like employee training, network segmentation and a security solution that enables 100% device visibility — will be key in defending infrastructure against attacks.
