Like many organizations that rely on operational technology (OT) and industrial control systems (ICSs) to accelerate manufacturing and the delivery of services, you’ve probably already invested millions in both technologies and people to help keep things running with an aim to reach peak performance. And you’re probably dealing with a combination of aging, legacy equipment that still projects years of lifecycle performance, along with rising demands to use and implement newer technologies such as IoT devices and cloud services. Sound familiar?
To resolve some of these issues and optimize OT costs, you may have started to leverage some of the practices traditionally entrusted to IT. This is the beginning of IT and OT convergence. This convergence includes areas of responsibility, hardware and networking equipment.
But digitally connecting the OT environment to the IT network also exposes OT assets to a new level of cybersecurity risk.
With the convergence of IT and OT comes an expanding attack surface and disparate systems, which potentially put your organization at risk of system downtime and data loss. This translates into increased liability imposed by the market, customers and shareholders.
The next significant threat is distilling
Today, network breaches happen with alarming regularity and create havoc for business operations. Without a doubt, you’ve paid attention to the news of these malicious attacks. It’s bad enough when your customer and financial data are held for ransom. The stakes are raised even higher when a network breach affects physical control systems employed in industrial settings or public services and utilities, because the potential for physical harm to communities and individuals is enormous.
Welcome to the new era of ‘killware’ – literally, lethal malware.
It's only a matter of time before killware claims its first victim, an unwelcome outcome that is top of mind for many government and law enforcement agencies. The media, however, has largely downplayed known OT attacks and threats, such as the discovery of the Triton malware in December 2017 on the OT systems of a petrochemical facility. Its purpose was to disable the safety instrumented system (SIS) built to shut down the plant in case of a hazardous event. If the malware had been effective, then loss of life would have been highly likely.i
To make matters worse, these threats are in addition to existing IT malware. Since OT networks also run IT-based operating systems (e.g., Microsoft Windows), IT malware has the potential to cause interruption and shutdown of devices in the OT network.
Given the increasing rate and voracity of OT threats, it’s likely that by 2025 operational technology environments will have been weaponized to harm or kill humans.ii While such dire predictions may be taken with an air of skepticism, the truth is that OT and ICSs will move from collateral damage in malware and ransomware attacks to targets for exploitation.
OT response and recovery in the event of a breach
One of the best things you can do to prepare is to formulate a swift response and recovery plan that spans your OT environment, IT estate and the overall business – especially when it comes to your networks and the security of your endpoints. As noted in our last post, until recently, OT networks functioned as isolated, air-gapped environments, and cybersecurity was not a top priority. Exploits against supervisory control and data acquisition (SCADA) or ICSs were viewed by many as a rare subset of highly targeted attacks that most organizations needn’t concern themselves with.iii
This is changing as OT has adopted innovative technologies and leverages existing technology within the organization (which is typically IT equipment). This has led to a layered and overlapping approach to networks. What was once separate and unreachable may now be reachable via the Internet or from the internal IT network, making the environment inherently vulnerable. Chances are, as you’ve evolved your OT and ICS, you’ve unintentionally introduced network and endpoint vulnerabilities.
An ounce of prevention
When it comes to security, an ounce of prevention in the form of proven network security best practices can go a long way to help avoid reactionary scramble, loss and expense. You need to focus on what you need to do to make your OT more secure, as well as how you will respond and recover when you are breached. After the millions you’ve invested in refining and evolving your operational technologies, keeping them secure shouldn’t be an afterthought.
If you need help with establishing an IT-OT security framework capable of rapid response and recovery to breaches, as well as preventing breaches from happening in the first place, reach out to NTT. We can help you build a robust IT-OT converged network, reducing your financial and reputational risk of breaches.
i Voster, Wam, The Emergence of Killware, The New Malware, July 2021
ii Gartner, Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans
iii Fortinet, Global Threat Landscape Report, August 2021