By Rick Peters
Threat actors eager to maximize disruptions and payouts have a new and compelling target – critical infrastructures such as factories, transportation networks, and utilities. These targeted threats are especially egregious because of their potential for widespread disruption to industries and populations. For instance, interruptions to utilities or traffic control can have severe impact and cause a ripple effect that creates a broad social climate of uncertainty and panic-motivated response.
Critical infrastructure is often targeted through operational technology (OT) systems that depend upon hardware and software to monitor and control devices and processes. Historically, OT attacks were rare, limited to specialized industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Today, attack tactics and techniques designed for these systems are readily available on the dark web for anyone to purchase and use.
The May 2021 ransomware attack against the Colonial Pipeline made headline news and served as a wake-up call for critical infrastructure (CI) asset owners and operators everywhere. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) called for a heightened alert. The attack made it clear that OT organizations must adopt a proactive cybersecurity strategy to ensure they possess the visibility, control, and threat intelligence needed to protect every connection point to guard against this growing threat.
Connecting the dots
While digital connectivity between IT and OT networks makes good business sense, it has also proportionally increased the risk. Traditionally, IT and OT networks were kept separate, using an air gap to isolate cyber-physical assets. As a result, OT networks were largely overlooked by cybercriminals. However, obscurity does not make a strong defense strategy.
The connectivity or convergence of IT and OT networks means that threat actors can leverage vulnerable OT access points to infiltrate corporate infrastructures. Many organizations turn to point solutions that address specific connection issues. Unfortunately, this often results in overly complex networks, duplicated security efforts, and limited network visibility. These challenges create vulnerabilities that threat actors are keen to exploit.
Always be prepared for worse
OT organizations are facing an increase in cyberattacks. Fortinet’s “State of Operational Technology and Cybersecurity Report” found that 9 out of 10 OT organizations experienced at least one intrusion in the past year and 63 per cent had three or more intrusions. Further, 58 per cent reported phishing attacks, up from 43 per cent the previous year.
Cases of ransomware have also increased in severity and frequency. According to FortiGuard Labs, ransomware incidents increased nearly eleven-fold from 2020 to 2021 and have remained at peak levels. Every successful exploit encourages threat actors to reuse the tactics, techniques, and tools they employed, or worse, sell them online as a service.
A better line of sight for OT
Preventing cyberattacks on critical or operational infrastructure requires better visibility and integration between the IT and OT networks. Solutions must enforce earned trust for on-premises systems and Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices to ensure they have an established baseline of trust and enforced role-based access.
An infrastructure control strategy that can restrict and contain suspicious activity or irregular behaviour is also critical. Implementing zero-trust network access (ZTNA) can help limit user or device access to the resources necessary for a specific role or function. If privileges are compromised, or behaviours are suspect, an attacker’s access to the OT network can be restricted. Further, investments in behavioural analysis methods powered by AI and machine learning can enable OT organizations to rapidly detect and isolate suspicious behaviour.
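The two controls just described, role-based least-privilege access and behavioural baselining, can be sketched in a few dozen lines. The following Python is an added illustration for this article, not code from the author or from Fortinet; the device inventory, the role policy, the "plc_zone" target and the event log are all constructed for the example. It denies any request from an unenrolled device or outside the device's role, and separately flags permitted requests that fall outside the device's observed (operation, hour) baseline, so an HMI that suddenly writes set points at 3 a.m. is surfaced for investigation rather than silently allowed.

```python
"""Role-based access check with a behavioural baseline for OT traffic.

Added illustration only; not Fortinet or the author's code. The roles, device
inventory and event log below are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str        # source IP of the requesting device
    operation: str  # e.g. "read" or "write_setpoint"
    zone: str       # target OT zone, e.g. "plc_zone"
    hour: int       # hour of day (0-23) the request was seen


# Constructed device inventory: only enrolled devices get a role at all.
DEVICES = {
    "10.10.1.20": "hmi_operator",
    "10.10.1.30": "historian",
    "10.10.9.5": "vendor_remote",
}

# Constructed least-privilege policy: (operation, zone) pairs each role may perform.
POLICY = {
    "hmi_operator": {("read", "plc_zone"), ("write_setpoint", "plc_zone")},
    "historian": {("read", "plc_zone")},
    "vendor_remote": {("read", "plc_zone")},  # maintenance view only, no writes
}


def authorize(event: Event):
    """Deny by default: unknown devices and actions outside the role's policy are refused."""
    role = DEVICES.get(event.src)
    if role is None:
        return False, "unenrolled device"
    if (event.operation, event.zone) not in POLICY[role]:
        return False, f"{role} may not {event.operation} in {event.zone}"
    return True, role


def build_baseline(history):
    """Count (operation, hour) per device over a clean observation window."""
    baseline = {}
    for ev in history:
        baseline.setdefault(ev.src, Counter())[(ev.operation, ev.hour)] += 1
    return baseline


def is_anomalous(baseline, event):
    """True when this device never performed this operation at this hour during baselining."""
    return baseline.get(event.src, Counter())[(event.operation, event.hour)] == 0


def triage(baseline, events):
    """Verdict per event: DENY (policy), ALERT (permitted but off-baseline) or OK."""
    verdicts = []
    for ev in events:
        permitted, reason = authorize(ev)
        if not permitted:
            verdicts.append(("DENY", reason))
        elif is_anomalous(baseline, ev):
            verdicts.append(("ALERT", f"{reason} acting outside its baseline"))
        else:
            verdicts.append(("OK", reason))
    return verdicts


# Constructed baseline window: the HMI reads and writes set points only during
# the day shift (08:00-16:00), the historian polls every hour of the day.
HISTORY = (
    [Event("10.10.1.20", "write_setpoint", "plc_zone", h) for h in range(8, 17)]
    + [Event("10.10.1.20", "read", "plc_zone", h) for h in range(8, 17)]
    + [Event("10.10.1.30", "read", "plc_zone", h) for h in range(24)]
)

# Constructed live events to triage.
EVENTS = [
    Event("10.10.1.20", "write_setpoint", "plc_zone", 10),  # normal day-shift write
    Event("10.10.1.20", "write_setpoint", "plc_zone", 3),   # permitted role, unusual hour
    Event("10.10.9.5", "write_setpoint", "plc_zone", 10),   # vendor exceeds read-only role
    Event("10.10.99.7", "read", "plc_zone", 10),            # device not in inventory
]

if __name__ == "__main__":
    for ev, (verdict, detail) in zip(EVENTS, triage(build_baseline(HISTORY), EVENTS)):
        print(f"{verdict:5} {ev.src:12} {ev.operation:15} h={ev.hour:02d} {detail}")
```

The policy check and the baseline check are deliberately independent: the first is a hard allow/deny that an enforcement point such as a ZTNA gateway can apply, while the second only raises an alert, since a permitted-but-unusual action may be a legitimate emergency intervention and should be confirmed by an operator before access is cut.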
Looking to the future
The potential severity of attacks on OT platforms will continue to make them appealing targets for cybercriminals and bad actor nation-states. Staying ahead of threats and the dynamic threat landscape created by IT and OT convergence demands that organizations keep up with the latest cybersecurity best practices.
Securing critical infrastructure requires CISOs to adopt solutions that span the entire IT and OT network enterprise. OT organizations should be proactive with their cybersecurity strategy by focusing on visibility, control, and behaviour analysis.
While IT-related exploits remain more prevalent, attacks targeting OT will continue to grow. The success of high-profile IT and OT attacks, like the one that had OT consequences at Colonial Pipeline, continues to embolden threat actors. OT organizations can no longer hold onto the outdated perception that ICS and OT exploits are rare. The potential to disrupt industries and populations makes them too tempting a target. To protect operational systems, OT organizations must safeguard every point of connection – or risk becoming the next front-page news story.
Rick Peters is CISO Operational Technology North America at Fortinet
Learn how Fortinet secures the convergence of OT and IT. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.