Sponsored Article
IT-OT convergence makes cybersecurity a priority for everyone
21 August 2023
The IT/OT divide has eroded away, which is shifting the needle of cybersecurity considerations. The gap between IT and OT within industry used to be clearly defined, and each side had its very specific and owned role to play, with very little crossover. Fast forward to today, in the wake of rapid digital transformation, and the dividing line between these two disciplines is almost non-existent.
As more technology is deployed on the OT side and software connects every facet of an enterprise together, it has moved the critical responsibility of cybersecurity from an IT-only activity to something to be considered by every employee, no matter their job role.
Non-sector specific
While there are elements of cybersecurity risk present in all industrial businesses, those that were targeted in recent years were usually in the infrastructure sector, responsible for power generation or water treatment. In fact, in 2022 alone, ransomware attacks on infrastructure doubled. As a result, such infrastructure has needed to make rapid advancements in cybersecurity, and specifically to secure connected operational technology and associated OT professionals. This is an example that should be followed across industry in its entirety, whether it is a small manufacturer producing a single specialised custom product, or a global enterprise with multiple facilities around the world.
Cyber-attackers themselves are also wising up to the importance of OT in modern industrial settings. Studies completed by Claroty across the water wastewater sector suggest that 34 percent of companies have experienced ransomware attacks that affected IT only, and 22 percent affected OT only. For 49 percent of all respondents, those attacks resulted in downtime with costs between $100,000 - $5M per hour, with 60 percent of respondents paying the ransom demanded by hackers.
Manufacturers who believe that they won’t be targeted as they don’t provide an infrastructure service, are mistaken. Studies show that in 2022, manufacturing received the highest distribution of cyber-attacks worldwide, with 24.8 percent. Manufacturing organisations need to take action now, and remain vigilant, as their networks become increasingly complex and produce ever-growing and increasingly valuable data.
Best practices for all
The following best practices should be adopted and regularly assessed by all manufacturing businesses, regardless of team size or how likely they think a cyber-attack will happen, these practices provide the best possible line of defence to ensure that your OT side is protected.
1. Offline backups
Ransomware encrypts data on a network, rendering it useless until demands are met. If the demands are not met, sensitive data can be sold and businesses locked out of networks, leaving them unable to keep operating. There is the added risk that industrial businesses may use large machine assets which, if operated incorrectly, can put workers into unnecessary danger when under cyberattack. Manufacturing is a lucrative target for ransomware attackers, because the low tolerance for downtime often means that the target will pay the ransom very quickly.
Manufacturing sees a large network of OT devices, often from multiple suppliers with potential endpoint vulnerabilities. Modern attacks have also disguised malware presented as ransomware, meaning even after the ransom is paid the files are not decrypted.
To mitigate some risk, and ensure that production can get up and running quickly, it is essential that manufacturers have a robust offline backup procedure in the event of an attack. With data backups to fall back on, manufacturers don’t have to give in to hackers in the first instance as everything they need to restart production is kept securely offline. While this best practice can’t eliminate the risk of a ransomware attack, it can lessen its impact on the business.
2. Employee training
As stated previously, training around cybersecurity in previous years was very much an IT-only activity. The truth is that 95 percent of cybersecurity incidents occur due to human error, meaning that everyone across the IT-OT divide should be regularly kept up to date on the latest approaches to cyber protection.
While it is common knowledge that unknown USB devices shouldn’t be inserted into the network, this is far from the only threat that OT professionals should be aware of. Sophisticated phishing emails, disguised to look like they are coming from a trusted source, are a common cyberattack in manufacturing. These emails have all the right logos, signatures, and all other identifying features that would mark it a safe communication – all designed to prompt OT professionals to provide entry to the network.
Phishing attacks are prevalent with manufacturing due to a number of factors. First, long supply chains mean multiple organisations constantly communicating, making it harder to track official emails. Secondly, it is easy for hackers to find the names of management staff and use their identity to contact OT professionals.
All these factors have one thing in common that hackers use to their advantage: there is a clear separation between the OT professional and the cyber-focused training of IT. Every member of a manufacturing organisation needs to be brought up to the highest standards of IT protection, no matter where their day-to-day role sits.
3. Legacy assets
Throughout manufacturing and the wider industrial sectors, it is common to see assets remaining in operation for a long time. In many cases, these assets were never designed to be connected to a network, and therefore do not have the required security measures. As Internet of Things (IoT) devices are added to these legacy devices, they often remain in operation with the same lack of security.
The threat of cyberattacks on legacy assets reach much further than stealing valuable data. Given the nature of these assets, OT professionals can be put into harm’s way if they are not operated properly. The Stuxnet virus is a well-documented example of this when, back in 2010, it caused centrifuges at an Iranian nuclear plant to spin rapidly and self-destruct.
This highlights the importance of cybersecurity for OT; it isn’t simply about protecting the interests of the company, but it’s about creating a safe working environment for the OT workforce.
IA framework
The important takeaway from this piece for OT professionals and business owners is to never assume it won’t happen to you. Likewise, it’s important not to assume that other sectors or businesses are more likely to be attacked than yours. The threat of cyberattack is very real for OT professionals, and they are being targeted at a growing rate. Cybersecurity is no longer the responsibility of just IT. Manufacturing businesses especially need to bring the cyber understanding of OT to the high standards of IT, to ensure that production can continue and workers are kept safe.
While some of the steps becoming more common in the commercial arena to ensure cyber protection, such as regularly changing passwords and two-factor authentication, will offer a level of security, there are too many OT specific threats out there to assume that that will do. OT cyber protection must be assessed and understood by all members of a manufacturing enterprise.
More information here.
Contact Details and Archive...