By Graham Bushkes
Digital transformation around the world has moved beyond the Information Technology (IT) environment into the Operational Technology (OT) environment, uncovering new business efficiencies and reducing costs. However, the convergence of previously distinct and separate technologies has inadvertently made much of Canada’s critical infrastructure and services a target for cybercrime. And that’s a big problem.
Operational technology (OT) includes the hardware and software that monitor and control physical processes, devices, and infrastructure. These systems perform tasks ranging from monitoring critical infrastructure to managing manufacturing processes. OT is common across crucial industries such as manufacturing, electrical generation and distribution, travel and utilities.
The number of cyber threats against industrial control systems is rising, and their impact is becoming more dangerous. A recent report by Gartner predicted that by 2025, cyber attackers will have weaponized OT environments, making them potentially damaging to human life and critical infrastructure.
The Threat Landscape
The threat landscape continues to evolve, with the emergence of more players working in more sophisticated ways. Recent attack trends demonstrate that the strategies and tactics generally used by Advanced Persistent Threat (APT) groups are being made available to a broad group of bad actors.
Private businesses, government and law enforcement agencies must work together to combat the risks inherent in the interconnected network of buildings and smart infrastructure. These are often ageing systems, facing a nimble enemy with the capacity to evade security and detection.
Developing a response plan should be a key priority and supported at the C-suite level. Exploring potential worst cases and regularly running tabletop exercises to test the plan is essential. By practicing how to shut down systems and perform backup and restore operations, the response plan can become almost second nature – which will save time in the case of a real issue.
In addition to a response plan, OT organizations should prepare their infrastructure for the future. Investments should help build defences and resilience so organizations can respond to major incidents like cyberattacks or natural disasters.
Organizations, from pipelines to rail, and pharma to food production, are becoming more engaged in cyber security. At the board level, interest has shifted from just a readiness discussion to understanding how to evaluate and report readiness.
Leadership will play an essential role in securing manufacturing facilities and operations. By ensuring synergies with operation centres, those on the OT side of the business can better identify real threats.
In addition to improving the communications flow between IT operations centres and OT engineers, taking inventory and understanding vulnerabilities are also important. Virtually any point of access or OT device can be targeted by bad actors attempting to infiltrate the IT network. Where there is OT-IT convergence, organizations need complete visibility into all assets and their inherited vulnerabilities.
Shoring up Protections
While there’s no single solution to protecting OT networks, a proactive approach can deter threats such as ransomware. Real-time visibility, security, and remediation coupled with advanced endpoint detection and response (EDR) can help provide a better line of sight for security teams. Further, adopting a zero-trust approach can ensure the people and devices connecting to the network have appropriate permissions. Zero-trust network access (ZTNA) further locks things down by ensuring people access applications safely from anywhere.
Organizations can put the power of AI and ML to work by adopting cybersecurity platforms that offer advanced automated detection and response capabilities. Informed by actionable threat intelligence, organizations will find it easier to deal with emerging variants and to better protect all network edges.
In addition to threat intelligence services, organizations can bolster their security teams by investing in a digital risk protection service (DRPS) to perform external threat surface assessments or identify and remediate security issues.
Organizations can also look to deception technology to help thwart intruders. As a strategy, deception technology lures cyber criminals away from tangible assets toward a decoy that mimics legitimate servers, applications and data. This fabricated surface confuses attackers, revealing their presence and slowing them down.
Convergence has dragged OT into the world of digital transformation. While the opportunity it presents has tremendous business value, it also comes with more risk. Traditional OT organizations need to think long-term about the investments required to secure against intrusions – especially in the sectors where intrusions could have catastrophic consequences. Beyond strategic investments, leaders must champion the investments and crisis response planning needed to maintain a state of readiness in the face of a rapidly changing threat landscape.
Graham Bushkes is Vice President Sales Canada, Public Sector and Channels at Fortinet.