By Sabyasachi Goswami, Rockwell Automation & Rowan Macfarlane, Dragos
Operational technology (OT) has become the backbone of many industries, driving critical processes and systems. OT systems are essential to business success, from efficiency and automation to real-time monitoring for efficiency to mitigating risks for maximum safety and security. Furthermore, as many key industries drive critical processes and systems, any disruptions or failures in OT systems can have far-reaching consequences beyond economic losses.
Against this backdrop, it’s crucial to safeguard organisations’ OT systems. According to McKinsey, cyberattacks on OT systems have been on the rise, and in 2023, 70% of ransomware incidents happened in the manufacturing sector. With targeted threats that focus on infiltrating and disrupting industrial control systems, having proper gatekeeping measures has become imperative.
Cybersecurity risks in OT / ICS
Technology has significantly improved the industrial operations and critical infrastructure sector. However, the same technology that has benefited organisations also contributes to the cybersecurity risks that these organisations face. For example, while connectivity improves efficiency, it creates new avenues for cyber attackers to infiltrate OT or industrial control system (ICS) environments. At the same time, OT professionals need to manage day to day operational reliability and efficiency needs against lower likelihood, but severely impactful cyber-attacks.
In cybersecurity, OT environments pose unique challenges compared to traditional enterprise IT environments. Unlike the IT industry, where software and hardware are frequently updated to address security strategies, the OT sector is often untouched. This is often attributed to resourcing challenges, complexities in change management, or to maintain plant availability. Over time, OT devices and operating systems become outdated, making them difficult to maintain as they lack the required patches for security updates, causing security loopholes in the organisation’s critical infrastructure.
Globally, industrial organisations have been slow to recognise the importance of developing and using cybersecurity programs specific to OT. However, nearly 60% of attackers coming from nation state affiliate groups, with politically or financially driven motives. This means that critical infrastructures, such as energy, critical manufacturing, or water, become their main target since they will be the theatre of future wars, having the most potential to cause the greatest impact against an adversary.
Enhancing critical infrastructure resilience
With the growing number of cybersecurity breaches, protecting critical infrastructure should be the first step for any organisation. Take a defense-in-depth approach by deploying a multi-layered security approach on multiple fronts. Organisations should look into taking on a combination of advanced security tools to protect their endpoints, data, applications and networks. It is important to ensure that every endpoint is protected, whether it is on the IT or OT side of the organisation’s infrastructure. At the very least, industrial organisations should prioritise and take existing cybersecurity measures seriously instead of keeping it as an afterthought.
To further strengthen and mitigate cybersecurity attacks across the organisation, consider deploying a zero-trust architecture. Run a risk and vulnerability assessment to identify the gaps within the IT and OT infrastructure to pinpoint the most vulnerable areas within the ecosystem, then identify and implement the cybersecurity tools that are most suitable to the use-cases required. It is important to note that a zero-trust model is not a one-size-fits-all and can look different for every organisation. This is why having a trusted partner who understands your business is crucial when taking a zero-trust approach.
Most importantly, adopting a zero-trust model could mean embracing a mindset shift for organisations. This can be a tedious step to take, but for a truly successful shift, cooperation across the organisation is necessary. From cybersecurity controls like network segmentation, multi-factor authentication (MFA), frequent asset inventories, or OT patching, having an added level of security safeguards organisations’ most precious assets and critical infrastructure.
Safeguarding OT systems with strengthened cybersecurity
According to Dragos, organisations looking to implement a preventive cybersecurity program should consider the SANS key ICS Cybersecurity Critical Controls, as below:
- Build an ICS incident response plan
This involves developing a dedicated plan for specific scenarios and will require collaboration between different departments as it is a whole-of-business approach. For example, establishing a plan for ransomware may require input and coordination with several areas of the business, such as operations, engineering, public relations, legal, data privacy, customers, and regulators. As a result, plans and procedures should be prepared and tested in advance.
- Set up a defensible architecture
Understand what systems are important for operations, then build a demilitarised zone (DMZ) between the OT systems and business environment to enable quicker response and more rigorous security controls.
- Ensure OT visibility and monitoring
An important aspect of preventive cybersecurity, visibility is key because it helps organisations look into what’s happening within their operations at all times. This helps with early threat detection and rapid incident responses. Being able to see what happens on the ground also gives businesses more confidence as they have real-time data to back them up.
- Enable secure remote access
More organisations today are already implementing secure remote access, or MFA, within their environment. MFA is so important in providing an added layer of security across systems. From vendor access to file movements across the company, even enabling employees to work remotely, MFA can significantly reduce risk for organisations without requiring a large investment.
- Risk-based vulnerability management
The reality is that securing every aspect of the business and patching every potential loophole is not as simple due to the legacy systems involved within OT environments. However, by knowing the gaps and areas of vulnerabilities within the organisation, businesses can pay more attention to them, so they can develop a plan with the business to resolve these vulnerabilities in an appropriate way.
Building a more resilient infrastructure with a trusted partner
Cybersecurity should be an always-on preventive approach, and organisations must proactively take action to safeguard their critical environments. Rockwell Automation provides a range of industrial cybersecurity solutions to meet businesses where they are and provides specialised knowledge in OT cybersecurity.
Whether it’s project-based security enhancements or long-term cybersecurity solutions that can support organisations as they innovate and navigate the future of IT/OT convergence, our partnerships with cybersecurity experts like Dragos give us deep industry knowledge and experience, bringing insights specific to the industrial automation space.
We’ll never know when the next cybercrime will happen, so take action before it’s too late.
About us:
Rockwell Automation, Inc. (NYSE: ROK