Heavy industrial firms provide crucial infrastructure for the global economy, whether they generate or transmit power or extract or refine oil, gas, or minerals. As a result, cyber-criminals find them appealing targets. By 2018, approximately 60% of firms polled had experienced a compromise of their industrial control system (ICS) or supervisory control and data acquisition (SCADA) technologies.
The corporation is active across the upstream, midstream, and downstream segments of the industry value chain. It had been attacked on both its IT and operational technology (OT) systems, which, as in most firms, were segregated from one another. Both its IT network security and its supervisory control and data acquisition (SCADA) systems had been targeted by cyber-attacks. The organization had experienced a ransomware attack, email phishing campaigns, and website defacement. Because the corporation was digitizing several systems, including vital controllers, massive volumes of data were exposed to potential manipulation, posing a risk of catastrophic accidents. The organization concentrated on three crucial steps.
Even as it underwent a digital transformation that heightened the exposure of its essential systems, a large state-owned oil and gas company was subjected to frequent cyberattacks. A successful strike on its assets could devastate an entire nation’s economy. Remote vendors, employees (operators), suppliers, and other contractors frequently access OT systems to carry out authorized maintenance and other tasks, as we all know. By using personal devices (BYOD) and working from home networks that are not fully protected, remote suppliers and employees have further exacerbated the situation.
These remote connections have blurred the boundary between IT and OT security controls and increased the attack surface, giving attackers new entry points to exploit. Once inside the ICS network, attackers can potentially monitor and manipulate operational components, for example by issuing commands or changing parameters, causing hazardous environmental conditions, jeopardizing the safety of plant personnel or the community, and potentially causing financial loss through outages or production disruptions.
A look back at national infrastructure attacks. The following are some of the most serious attacks on critical national infrastructure in recent years:
- In 2014, a phishing attempt was used to first breach the IT network and then the OT network of a Western European steel mill, where the attackers gained control of plant equipment and caused major damage to its operating environment.
- Attacks on an Eastern European power distribution grid in 2015 and 2016 knocked out electricity for 230,000 people. In one example, attackers gained access to a third-party vendor’s network, which was linked to an energy company’s OT network, enabling them to modify the control system.
- In 2017, terrorists obtained access to an ICS system at a Middle Eastern petrochemical complex, attempting to damage operations and cause an explosion.
In the consumer, enterprise, and industrial worlds, IoT devices and technologies are quickly becoming mainstream.
Four best practices for protecting operational technology (OT) systems from cyberthreats are listed below:
A) Implement a Zero Trust Framework
While the zero-trust security philosophy is gaining traction, most businesses are still stuck with the traditional network perimeter security approach, which relies on VPNs and other tools to provide remote access.
Understanding each connected user and device, as well as the data they’re attempting to access, is the first step in securing any network. Any security framework, including zero trust, must start with this basic principle. Consider putting the following in place to properly embrace zero trust across your OT network:
Employ application-level access controls so that access to an application does not depend on access to the network. This means giving contractors and vendors access only to the software and services they require, without the need for complicated firewall configurations or VPNs.
Provide application microsegmentation so that users cannot even discover programs they are not permitted to use. This step helps secure the network against human error, one of the primary causes of breaches and service disruption.
Create a centralized point of visibility and access for the numerous systems that require different communication methods. More and more OT systems are being connected to IT systems to increase automation, cost savings, and effectiveness; making these technologies discoverable and reachable over the web only to authorized users reduces the security exposure.
Monitor and record all operations performed via remote access, using on-screen video recording, keystroke logging, and other methods. Session monitoring is a necessary security control in its own right.
Apply granular control over sessions by enforcing least privilege and limiting the commands a user may run. Protect APIs: API security is critical to ensuring the integrity of data transmitted between IoT devices and back-end systems. Specific APIs should be accessible only to approved devices, developers, and apps.
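The zero-trust controls above (application-level access rather than network access, device and application allowlists, a per-user command allowlist, and session recording) can be combined in one small access broker. The following is an added illustration, not code from the original post or from any product it mentions; the identities, device names, application names and commands are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy (hypothetical identities, devices, apps): a remote identity
# may connect only from an enrolled device, only to its named OT applications,
# and may issue only the listed commands inside a session.
POLICY = {
    "vendor-hmi-maint": {"devices": {"laptop-v-0421"}, "apps": {"hmi-historian"},
                         "commands": {"read_tag", "export_trend"}},
    "plant-operator-7": {"devices": {"ws-ctrlroom-3"},
                         "apps": {"hmi-historian", "plc-engineering"},
                         "commands": {"read_tag", "write_setpoint"}},
}

@dataclass
class Session:
    identity: str
    app: str
    events: list = field(default_factory=list)  # (utc timestamp, command, allowed)
    terminated: bool = False

class AccessBroker:
    """Application-level access only: a session to one approved app, every
    command checked against the identity's allowlist and recorded for audit."""
    def __init__(self, policy):
        self.policy = policy
        self.sessions = []

    def open_session(self, identity, device, app):
        rules = self.policy.get(identity)
        if rules is None or device not in rules["devices"] or app not in rules["apps"]:
            return None  # deny: unknown identity, unenrolled device, or app outside allowlist
        session = Session(identity, app)
        self.sessions.append(session)
        return session

    def run(self, session, command):
        if session.terminated:
            return False
        allowed = command in self.policy[session.identity]["commands"]
        session.events.append((datetime.now(timezone.utc).isoformat(), command, allowed))
        if not allowed:
            session.terminated = True  # lock the session; an admin reviews the record
        return allowed

def denied_commands(broker):
    """Audit view: every disallowed command attempt across recorded sessions."""
    return [(s.identity, s.app, cmd) for s in broker.sessions
            for _, cmd, ok in s.events if not ok]
```

A real deployment would back the policy with the identity provider and device inventory and ship the session events to the SIEM; the locking-on-first-violation behaviour is one conservative choice, not the only one.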
B) Match the Proper Remote Access Tools to the Appropriate Application
VPN usage has risen to an all-time high in the last year alone, owing to a widespread move to remote work. Unfortunately, VPNs and other remote management technologies, such as RDP, are being abused in dangerous ways. The hazard is greatest in OT networks. Where privileged access and third-party access are required, VPNs and RDP should be avoided.
While VPNs are adequate for basic remote employee access to non-privileged systems (e.g., email), they lack the granular security controls, visibility, flexibility, and cost-effectiveness that third-party and remote worker access to OT/IoT devices requires. VPNs cannot enforce least-privilege access or session tracking, both of which are required for privileged access management and accountability.
C) Understanding IT Security Versus OT Security
In most firms, the policies and service contracts for managing IT systems do not extend to the operational technology environment, resulting in a security and management gap. Managing security and risk in OT applications is not as straightforward as transferring IT security best practices to the OT systems. When it comes to defending the most sensitive environments, consumer-grade remote access and support tools, as well as other IT solutions, are clearly insufficient.
Lifespans for OT technology are substantially longer than for IT. In OT contexts, machines that have been in place for 20-25 years are common, whereas in the IT world equipment rarely lasts longer than five years. The result is obsolete, diverse endpoints with no patches or upgrades available, often because of inadequate computational power.
The IT industry has had generations to develop security procedures and reduce risk. Risk management, however, is a universal requirement, and organizations must develop solutions and strategies tailored to their individual requirements to safeguard their OT environments.
D) No Password Sharing! Use Robust Privileged Credential Management Techniques!
In OT contexts, password blunders abound, and they continue to be a major source of security breaches. Access isn’t confined to specific network devices or segments, and credentials are frequently shared internally and externally.
Secure access to privileged credentials and SSH keys in your OT environment to reduce the risk of privileged credential compromise. Implement an enterprise-grade privileged credential management solution that gives admins full control over data and software access via live session management, allowing them to monitor and document suspicious activity and to lock or terminate sessions. Embedded and default credentials should be removed, and credentials should be managed actively and centrally.
VPNs are commonly used for privileged remote worker or contractor access, but this is an unsafe VPN use case, since VPNs lack granular access controls and cannot supervise or manage sessions. While a VPN can provide a protected tunnel from one site to another, the access it allows is uncontrolled, which is unacceptable in any sensitive setting, let alone OT systems. Privileged users, whether employees or vendors, pose the greatest risk, since an attacker can ride on whatever rights the worker has to move from the IT network to the OT and ICS systems on the factory floor.
Ashley John is an entrepreneur and has her own blog. She loves to write articles about business trends, entrepreneurship, technology and AI.
Ashley is a guest blogger. All opinions are her own.
*** This is a Security Bloggers Network syndicated blog from CCSI authored by Guest Author. Read the original post at: https://www.ccsinet.com/blog/protecting-ot-networks-from-cyber-attacks/