Ransomware Increase Highlights Need for Better IT, OT Security
IT networks tend to get all the attention for cybersecurity, but operational technology (OT) and the supply chain are at increasing risk of cyberattacks. Manufacturing security needs to deploy a more holistic view of their systems, by securing the infrastructure, supply chain and the products they manufacture.
To protect the manufacturing process, leadership needs to understand what the threat vectors are for anyone who has both IT and OT to secure.
“The most common way external adversaries attack an OT environment is through IT,” said Dawn Cappelli, VP, global security and CISO at Rockwell Automation, in a press briefing during the company’s Automation Fair at Home conference.
“Typically, they get into the company’s IT environment via a phishing email or exploiting an unpatched vulnerability,” she added. Once inside the IT network, they traverse to the OT network. “You can protect OT without working with IT.”
Also, OT can be infected by anything that is inside the plant network. Anything inside the plant that is connected to the internet can get to the OT network, making it necessary that your converged IT/OT security strategy secures you from the internet directly.
Cyberattacks also can impact OT and manufacturing through the supply chain, whether through a remote connection (more common now as more people are working remotely during COVID-19) or through an onsite connection (i.e., connecting an infected drive into the system).
“These are the issues we need to consider when deciding a cybersecurity strategy for external threats,” Cappelli said. Security and IT teams must also be aware of insider threats, and those attack vectors must also be considered when designing the security strategy. The best option is to consider a converged holistic strategy.
How to Develop an OT Security Strategy
Cappelli said her team at Rockwell Automation uses the NIST Cybersecurity Framework for protecting its IT infrastructure but found that the framework also guides security strategies for OT environments.
“NIST works really well for the converged IT/OT security strategies,” she said. “However, a problem that companies are running into is that IT and OT don’t work together.” IT security is much more secure, so there is a desire to have those strategies trickle down to OT, but those responsible for OT aren’t always willing to accept that help. They want to be independent.
This is why the No. 1 step in developing an OT security strategy is to create a strategic road map using a cross-functional team. Using the NIST Framework as a guide, you can build a team comprising of IT, security, plant managers and plant engineers, as well as others central to defending the infrastructure. Through this type of collaboration, OT can begin to understand the security contribution of IT and IT can see how OT differs and come up with a different security process.
Step two is to prioritize based on risk. Put together a list of everything that needs to be done, but create a sublist of tiers; those that are considered Tier One level should be addressed immediately. There may be different risks in different areas of the plant, so you can’t look at everything as equitable.
To create your security strategy road map, Cappelli suggested following these steps:
- Identify. Anyone who works in an OT environment knows asset inventory is necessary. Also, pay attention to risks coming from third parties.
- Protect. Implement a protection plan across the factory.
- Detect. Implement clarity across the plants for better threat detection.
- Respond. With improved clarity of detection, you will know how to better respond. You’ll be able to tell if the problem is in the OT infrastructure or if it is malware in IT.
- Recover. Have a plan in place on how to best recover from a cyberattack.
The Rising Threat of Ransomware
“We found that ransomware attacks are hitting our manufacturing supply chain,” Cappelli said. “Now if a supplier is hit with ransomware and can’t produce their product for a month or more, that will impact your company’s production.”
In fact, the manufacturing industry has become the latest hot target for ransomware, with attacks tripling in number over the past year, according to research from Dragos.
“Ransomware with the ability to disrupt industrial processes is the biggest threat to manufacturing operations. Adversaries are increasingly adopting ICS-aware mechanisms within ransomware that could stop operations,” according to a blog post about the study.
“Disruptions within manufacturing industrial processes have supply chain implications that impact businesses and potentially operations elsewhere. The theft of proprietary and confidential manufacturing process details—often considered intellectual property—remains a high risk for manufacturers,” the post added.
Why is cybersecurity such a big issue for the IT/OT environment today? It goes back to the rise in ransomware against manufacturing. Cybercriminals know that IT teams are getting better at responding (or not responding) to ransomware threats. There are better systems in place to defend against it. But downtimes caused by ransomware in OT can’t be tolerated, so they are more willing to pay a ransom. And if there is any downtime in an OT environment, it takes much longer to recover than would an IT environment. So cybercriminals got smart and decided this would be a profitable target.
Ransomware right now has become the biggest cybersecurity threat against OT, Cappelli believes, and this makes improving the IT/OT security strategy even more urgent.
