How to protect and safeguard critical OT infrastructure
Operational technology (OT) is at greater risk from cybersecurity attacks than ever, and it requires a good, holistic plan that keeps workers educated and vigilant.
OT cybersecurity insights
- Technology’s increasing interconnectivity enhances efficiency but raises cybersecurity risks, requiring constant vigilance and adaptive strategies to protect critical assets from evolving attacks, according to Matt Wiseman at the ARC Industry Forum.
- Integrating decades-old operational technology into the modern, interconnected landscape poses a significant cybersecurity challenge. Bridging the technology gap, addressing network complexities and fostering a cybersecurity culture are crucial for effective protection.
Technology has become more interconnected and capable of performing tasks to make people’s lives easier in ways that weren’t possible before. However, this greater freedom through interconnectivity makes cybersecurity attacks a greater threat, said Matt Wiseman, senior product manager at OPSWAT, in his presentation “Safeguarding Removable Media: Unraveling the ICS Attacker’s Playbook” at the ARC Industry Forum in Orlando.
The goal is improving uptime and preventing downtime by adhering to the latest compliance standards and developing best practices that can withstand the constant threats from attackers.
“It’s quite a challenge to stay on top of these different measures,” he said. “You try to be as protective as possible and prevent infiltration into critical assets.”
The critical assets that make up the operational technology (OT) landscape are an issue because many of them were developed before the internet was a concern. Trying to integrate technology that can be up to 40 or 50 years old with the internet while also making it seamlessly operate with more current technologies and systems is not an easy task even when the internet is taken out of the equation. While cybersecurity is crucial, Wiseman said, it’s also important to find a solution that doesn’t grind operations to a halt.
Three reasons why cybersecurity attacks happen
With the cybersecurity attack surface widening, companies need to be on their guard. That is easier said than done, though, with the pace of technology and workers’ knowledge becoming a major challenge. Wiseman cited three key reasons why cybersecurity attacks happen:
- Network complexity. Converging information technology/operational technology (IT/OT) systems is not an easy task to begin with. Adopting the Internet of Things (IoT) has expanded the network attack surface and users have more mandates to comply with than ever before.
- Technology gaps. Wiseman said malware has become more sophisticated and is capable of bypassing detection systems. There are also major supply chain vulnerabilities and weak points with insecure devices and weak networks vulnerable to hacks.
- Training gaps. There’s a lack of practical training for the workers companies do have and a lack of expert workers and support. The need for people well-versed in IT and OT is very high, but there aren’t enough workers to go around.
Overcoming cybersecurity attacks with a better culture, focus
Cybersecurity attacks performed by nation-states in a deliberate act of aggression are a legitimate worry, but Wiseman said they’re less likely to occur.
“The real concern is the innocent employee doing something they didn’t realize was wrong.”
Companies can overcome this by instilling best practices into workers and developing a cybersecurity culture that is consistent and improves the company’s posture over time.
Techniques such as secure remote access and network security visibility with an intrusion detection system (IDS) also can help, but it comes down to the worker and knowing what to look for.
Chris Vavra, web content manager, CFE Media and Technology, email@example.com