As organisations make their operations more agile in response to a quickly evolving marketplace, many operational technology (OT) systems are being connected to the outside world for the first time. This trend promises great benefits for organisations but also directly exposes OT systems to cyberthreats they were never prepared to address.
Historically, OT has generally operated autonomously, fully isolated from both the Internet and the IT network. This isolation has been known as the ‘Air Gap’ that traditionally – and perhaps questionably – protected OT systems from reconnaissance, hacking attempts and other malicious activities.
In most organisations today, however, this Air Gap is considered history. Where it still exists here and there, it is certainly prone to security holes as a result of the increased number of connectivity vectors in place today. Consequently, adversaries are increasingly targeting OT systems.
As OT systems become more connected, this trend of increased attacks seems likely to continue. New levels of exposure for critical systems require organisations to adhere to more rigorous security operations and life-cycle management best practices, enabling them to protect their organisations from major threats to the core of their business. As a result, OT and IT teams need to come together to respond comprehensively and cohesively to this increasing threat.
Cyberthreats and increased OT exposure
While convergence provides clear benefits, the decline in the use of the Air Gap and the tendency for OT to adopt IT solutions and protocols expose critical systems to cyberthreats across a far broader spectrum than ever before. Using common and consistent security measures as part of any convergence strategy is a good business approach.
Indeed, taking such an approach to convergence efforts provides effective monitoring, faster incident response and thorough process control, to name just a few advantages, as well as significant cost savings through a unified converged infrastructure.
However, one of the industry’s main challenges is that the operational life span of provisioned OT systems is far greater than in any IT environment. As a result, you’ll find unpatched and unsupported technologies, sometimes years or decades old, which are now being exposed to the outside world for the first time. A brief glimpse into the scale of this issue is worth considering. According to a recent Fortinet-commissioned survey conducted by
- Half of respondents agreed that their factory machinery is unprepared to fight off cybersecurity threats.
- Fifty-five percent of respondents either have no plans to implement cybersecurity or will only implement cybersecurity over the next 12 months.
- Ninety-one percent said that securing factory machinery should be a shared IT and OT responsibility.
Recently, Fortinet’s FortiGuard Labs Threat Analysts Team conducted a thorough analysis of a ransomware family built for, and targeting, critical infrastructure. At the time, LockerGoga was a new ransomware family that had been detected successfully attacking industrial companies, sometimes severely compromising their operations.
Interestingly, there was little about LockerGoga that set it apart from other ransomware in terms of sophistication, other than its focus on OT systems. But while most ransomware tools rely on some level of obfuscation to avoid detection, when FortiGuard Labs analysed the LockerGoga patient-zero sample they discovered that it used little if any obfuscation.
The developers knew that the environments they were targeting generally had no ability to detect malware. This should be taken as a clear statement on the state of – and general lack of – appropriate cybersecurity measures in place within the OT sector.
Team collaboration is key
Cybersecurity factors are controllable in an OT network. However, organisations need to build an integrated team, drawing members from both IT and OT, with the authority to decide upon risks and the measures required to control them. This is borne out by the same Forrester study cited previously: 58 percent of respondents believe that clear and regular communication from a central management team is essential for ensuring a successful IT/OT convergence.
Of course, some aspects of unified teamwork might be slightly more difficult due to clearly different – and sometimes oppositional – objectives between teams. (For example, confidentiality is the top concern for IT systems in order to protect data, and occasional system downtime is expected; the reverse holds for OT networks, where uninterrupted availability is mission-critical.) At such times, it is important for teams not only to communicate effectively but also to listen carefully, remembering that the only constant in life is change.
IT/OT convergence is key for organisations to meet evolving business demands, establish enterprise agility and maintain a strong cybersecurity profile. And that convergence cannot succeed without full cooperation and compromise between the IT and OT teams.
The goal of converging IT and OT is to strengthen the entire organisation. Achieving this requires finding ways to address the differences between IT and OT environments while enabling modern technology capabilities to support digital innovation, with both agility and security as common objectives.
Rapidly embracing today’s cybersecurity technologies should be a top priority for decision makers. However, before the demands of competing in a digital marketplace began driving the need for agility and performance, security was often only applied as an afterthought.
Organisations that take that approach today expose themselves to serious risk. Therefore, thinking through, planning and implementing a convergence strategy, with a common and unified cybersecurity framework at its core, will enable system owners to move forward confidently towards a converged infrastructure while sustaining safe and continuous operations.
(Dino-Boris Dougoud is Senior Systems Engineer OT/CI EMEA at Fortinet)