Are organizations struggling to address the convergence of OT and IT?

The world of connected devices is constantly changing, particularly with the continued increase in Internet of Things (IoT) devices, and the use of Operational Technology (OT) to improve operations within organizations.

In the January 2020 edition of the GTIC Monthly Report, GTIC analysts discuss the challenges in securing OT, and investigate the increasingly blurred line between OT and IT security.

47% of hostile activity directed at manufacturing clients was reconnaissance-related

The rising OT challenge

GTIC analysts reviewed client engagements and discussions to understand the difficulties organizations have been facing with their OT implementations. It’s interesting to note that organizations may not always have comprehensive knowledge of their own networks – which is made more important when OT and IT teams are not collaborating effectively. Interestingly, the majority of attacks from OT come from IT, as these devices often cross from one type of network to another; organizations are still struggling to properly defend these types of devices and networks. Unfortunately, it may only get worse, as OT is becoming progressively mixed with IT.

Worse yet, there’s an increasing amount of reconnaissance targeting these types of networks – especially against the manufacturing industry. In fact, the 2019 NTT GTIR showed that 47% of hostile activity directed at manufacturing clients was reconnaissance related, typically a good indicator of initial targeting by adversaries.

How do you create a secure architecture from the ground up?

Securing OT environments from the ground up

In addition to looking into some challenges organizations face in attempts to secure OT networks, this edition of the Monthly Threat Report provides several suggestions for securing OT implementations. It includes recommendations for several top strategic ways to secure OT environments – including creating a secure architecture from the ground up.

This report reflects what we know about the current state of cyberactivity from Iran, based on the recent drone strike which killed Iranian Quds Force leader, Qassem Suleimani.

Open source information suggests that typical historical Iranian cyber Tactics, Techniques and Procedures (TTPs) have been observed. Based on available open source information, it doesn’t yet appear that Iranian actors have deviated significantly from their standard TTPs, including reconnaissance, targeting of neighboring Middle Eastern countries’ oil and gas companies and increased rhetoric.

In addition to following best practices, our analysts provide some recommendations to help protect against the potential threat to organizations from Iran, as well as recommendations to secure OT networks. Read more in the January 2020 edition of the GTIC Monthly Threat Report.