By Rick Peters
Among modern cybersecurity threats, attacks on infrastructure and operational technology (OT) could have the most far-reaching consequences. Industrial cyber-attacks target the control systems for critical services like manufacturing, oil and gas, electrical generation and distribution, aviation, maritime, rail, and utilities. Because a successful attack can have an immediate and severe impact on large populations or industries, OT systems are attractive targets for malicious cyber adversaries, whether state sponsored, criminally motivated, or a trusted insider with a malicious agenda.
Across a broad industry spectrum, OT organizations and security professionals are taking note. The 2020 Fortinet State of Operational Technology Report found that nearly 9 out of 10 organizations experienced at least one OT system intrusion, up 19 per cent from the preceding year. Almost 65 per cent experienced three or more intrusions, often causing damage to productivity, revenue, intellectual property, brand reputation, and safety.
For OT organizations, especially those delivering national infrastructure and services, ensuring safety, uptime, and availability is critical. But as business needs require IT and OT networks to connect digitally, the risks to OT systems have increased. Today’s rising threats require a proportional response that combines IT and OT security expertise with a platform approach that implements network segmentation, AI and automation, trusted identity, and access management to secure critical OT systems and services. Anything less could result in dire consequences.
Changing OT landscape
Historically, OT systems attracted little attention from security teams and were not a priority for them. Most were air-gapped and separate from IT networks, so they didn’t require the same level of scrutiny as connected systems. As external network connectivity for OT systems grew, security needs were often addressed with point-specific fixes that increased network complexity and reduced visibility. Today, business needs and digital innovation have resulted in a convergence of IT and OT networks, a change further fueled by the emergence of Industrial Internet of Things (IIoT) devices and the promise of 5G.
Access to the data and fused intelligence collected by OT systems is both a business necessity and a competitive advantage, requiring organizations to move away from policies of OT isolation. When OT systems interact with IT systems, the data collected through physical equipment or IIoT devices can rapidly pinpoint problems or increase efficiency across the business. On the flip side, it also heightens system security risk. As the integration of OT and IT networks accelerates, the digital attack surface expands, exposing OT networks to threats originating in IT networks.
Meeting the security challenge
With accelerated growth in, and dependence on, connected IoT and IIoT devices, security considerations must go beyond the on-premises system, the operating system, and the network infrastructure. A more comprehensive approach addresses identification, protection, detection, response, and recovery to protect high-value physical assets. In addition, innovations in IT such as artificial intelligence (AI) and big data analytics promise improved outcomes for industrial OT networks.
Taking advantage of these innovations with balanced consideration toward cybersecurity requires a platform approach. For OT organizations, Fortinet’s Security Fabric helps address the extended digital attack surface by seamlessly integrating the value of Zero Trust Access, Security-Driven Networking, Adaptive Cloud Security, and AI-Driven Security Operations.
Zero-trust access extends security considerations beyond visibility to include access control and management. A zero-trust approach ensures individuals, applications, and devices are limited to the activities and information permitted by their defined roles or functions. This approach proactively reduces exposure from vulnerabilities and makes malicious or suspicious activity easier to identify.
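The paragraph above describes zero-trust access in terms of roles and functions, and the article elsewhere calls for network segmentation between IT and OT. The following is an added example, not code from the article or from Fortinet, showing what a default-deny access decision for an IT/OT environment looks like in practice: every request is refused unless an explicit rule matches the requester's role, the source and target network zones, the requested action, and the device's posture. All roles, zone names, assets and rules are constructed for illustration.

```python
"""Added example: default-deny, role- and zone-aware access evaluation
for an IT/OT environment. Not part of the original article; all names
and rules are constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_managed: bool   # enrolled in endpoint management
    device_patched: bool   # passes current patch-level check
    source_zone: str       # constructed zones: "enterprise-it", "dmz", "control"
    target_zone: str
    asset: str
    action: str            # "read" or "write"


@dataclass(frozen=True)
class Rule:
    role: str
    source_zone: str
    target_zone: str
    action: str
    require_managed: bool = True
    require_patched: bool = True


# Constructed policy. Note what is absent: there is no rule allowing traffic
# from "enterprise-it" straight into "control", and no rule granting "write"
# to anyone outside the control zone. Segmentation is expressed as the
# absence of a permitting rule, which default deny then enforces.
POLICY: List[Rule] = [
    # Analysts read historian data that has been replicated into the DMZ.
    Rule("analyst", "enterprise-it", "dmz", "read"),
    # Control engineers operate controllers only from inside the control zone.
    Rule("control-engineer", "control", "control", "read"),
    Rule("control-engineer", "control", "control", "write"),
]


def evaluate(req: Request, policy: List[Rule] = POLICY) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    for rule in policy:
        if (rule.role, rule.source_zone, rule.target_zone, rule.action) != (
            req.role, req.source_zone, req.target_zone, req.action
        ):
            continue
        # A matching rule still fails if the device posture is not acceptable.
        if rule.require_managed and not req.device_managed:
            return False, "device not managed"
        if rule.require_patched and not req.device_patched:
            return False, "device not patched"
        return True, "matched rule"
    return False, "no matching rule (default deny)"


def audit(requests: List[Request], policy: List[Rule] = POLICY) -> List[str]:
    """Produce one log line per decision; denied lines are what an analyst
    would review for misconfiguration or suspicious activity."""
    lines = []
    for req in requests:
        allowed, reason = evaluate(req, policy)
        verdict = "ALLOW" if allowed else "DENY"
        lines.append(
            f"{verdict} user={req.user} role={req.role} "
            f"{req.source_zone}->{req.target_zone} {req.action} {req.asset}: {reason}"
        )
    return lines


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        Request("alice", "analyst", True, True, "enterprise-it", "dmz", "historian", "read"),
        Request("alice", "analyst", True, True, "enterprise-it", "control", "plc-7", "read"),
        Request("bob", "control-engineer", True, False, "control", "control", "plc-7", "write"),
    ]
    for line in audit(sample):
        print(line)
```

The decision is deliberately coarse: a real deployment would source posture from an endpoint agent and zones from the network fabric rather than from fields on the request, but the shape of the logic, an allowlist consulted before a default deny, is what makes access reviews and anomaly detection tractable.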
A security-driven networking strategy integrates network infrastructure with security architecture for adaptive networks that can evolve to meet new security threats. For dynamic environments like IT-OT integrated networks, this approach makes security the central consideration for all business-driven decisions and provides consistent enforcement across the network. Adaptive cloud security solutions provide similar control across cloud cybersecurity infrastructures, offering greater visibility and secure connectivity.
Given the complexity of IT-OT integrated environments, AI-driven tools can help organizations cope with the volume and sophistication of cyberthreats. For example, AI and automation can accelerate risk reduction and efficiently maintain a continuous trust model by combining behaviour-based endpoint protection, detection, and response with centralized visibility and analytics. This kind of always-on, automated response to threats is critical for OT organizations, especially those delivering national infrastructure services people depend on, like power, water, or transportation.
To stay competitive and ensure operational continuity, industrial organizations will continue to connect OT environments to their IT networks. This integration is a significant strategic advantage but also increases the likelihood of security threats. To counter the rising threat level, OT organizations must selectively apply IT network security best practices across the OT enterprise architecture and adopt a platform approach that seamlessly addresses network segmentation, AI and automation, identity, access management, and more.
Rick Peters is CISO Operational Technology North America at Fortinet