Cyber Attacks Targeting More OT Environments – What Can Be Done?
By 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans, research firm Gartner predicts.
OT is a type of computing and communication system – including both hardware and software – that controls industrial operations, mainly focusing on the physical devices and processes they use. OT systems are used to gather and analyze data in real time, which is further used to monitor a manufacturing unit or to control equipment.
Various industries, such as telecommunications and oil and gas, use OT to ensure different devices work in coordination. For example, in the oil and gas industry, operational technology ensures that all safety systems are in place; in the telecoms sector, it alerts engineers beforehand if there is a potential snag in the network.
Attacks on OT have become more common. They have also evolved from immediate process disruption, such as shutting down a plant, to compromising the integrity of industrial environments with the intent to create physical harm. Recent events like the Colonial Pipeline ransomware attack have highlighted the need to have properly segmented networks for IT and OT.
Gartner predicts that the financial impact of cyber-physical systems (CPS) attacks resulting in fatalities will reach more than $50 billion by 2023.
Security incidents in OT and other CPS have three main motivations – actual harm, reduced output and reputational damage that makes a manufacturer mistrusted or unreliable, according to gartner.com.
Even without taking the value of human life into account, the costs for organizations in terms of compensation, litigation, insurance, etc. will be significant, Gartner added. It predicts that most chief executives will be held “personally liable” for such incidents.
Gartner recommends that organizations adopt a framework of 10 security controls to improve security posture across their facilities and prevent incidents in the digital world from having an adverse effect in the physical world.
Among its recommendations:
- Define roles and responsibilities – appoint an OT security manager for each facility.
- Implement and test incident response.
- Ensure proper backup, restore and disaster recovery procedures are in place.
- Manage portable media such as USB sticks and portable computers and ensure they are scanned.
- Establish proper network segregation – OT networks must be physically and/or logically separated from any other network, both internally and externally. All network traffic between an OT network and any other part of the network must go through a secure gateway solution like a demilitarized zone (DMZ).
- Implement a process to have patches qualified by the equipment manufacturers before deploying.
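
The network segregation recommendation above can be checked against flow records. The following is an added example, not part of the original article or of Gartner's framework: it flags any flow that connects the OT zone to a non-OT network without terminating in the DMZ. The zone address ranges, function names and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): replace with the site's real address plan.
ZONES = {
    "OT": [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ": [ipaddress.ip_network("10.20.0.0/24")],
    "IT": [ipaddress.ip_network("10.30.0.0/16")],
}

def zone_of(addr):
    """Map an address to a zone; unmapped is EXTERNAL, unparsable is INVALID."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "INVALID"
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "EXTERNAL"

def audit_flows(flows):
    """Return flows where one end is in OT and the other is neither OT nor DMZ."""
    violations = []
    for src, dst, port in flows:
        zs, zd = zone_of(src), zone_of(dst)
        # OT may talk to OT or to the DMZ gateway; anything else bypasses it.
        if "OT" in (zs, zd) and {zs, zd} - {"OT", "DMZ"}:
            violations.append((src, dst, port, f"{zs}->{zd}"))
    return violations

# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.30.4.12", "10.20.0.5", 443),    # IT -> DMZ: goes through the gateway
    ("10.20.0.5", "10.10.1.20", 502),    # DMZ -> OT (502 is Modbus/TCP)
    ("10.10.1.20", "10.10.1.21", 502),   # OT -> OT: stays inside the zone
    ("10.30.4.12", "10.10.1.20", 502),   # IT -> OT directly: bypasses the DMZ
    ("10.10.1.30", "203.0.113.9", 443),  # OT -> external directly
]

if __name__ == "__main__":
    for src, dst, port, path in audit_flows(SAMPLE_FLOWS):
        print(f"VIOLATION {path}: {src} -> {dst}:{port}")
```

Run against exported firewall or NetFlow records, a non-empty result means a path between OT and another network exists outside the DMZ.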