66 | Feature: Cybersecurity


CYBERSECURITY OPERATION


Andy Norton, chief cyber risk officer at Armis, explains why operational technology is vulnerable to cybersecurity threats


SUMMARY


■The worlds of IT and OT are converging


■OT systems can be vulnerable to hackers


■The OT team is often hesitant to allow IT departments to take action


Historically, IT and operational technology (OT) were kept separate because there was no need for overlap. More recently, however, the two worlds have increasingly collided as OT operations connect to IT networks. These converged environments have created a range of problems for organisations and regulators, who now find themselves struggling with the implications of large-scale attacks on critical national infrastructure. The consequences were felt in Florida in 2021, for instance, when an intruder attempted to alter the pH of the water at a treatment plant, and again that year in the attack on the Colonial Pipeline.


This development leaves systems exposed, especially once they connect to mainstream IT networks. Organisations therefore have to strengthen their existing security and close any gap that could serve as an open door for unauthorised access or control. That being said, how can organisations deal with the “OT security problem” without affecting production, business continuity or their pre-existing cybersecurity posture?


OT VULNERABILITIES Over the course of 2021 there was a rise in weaknesses reported in OT environments. One example is the set of vulnerabilities found in Schneider Electric’s Modicon PLCs. If exploited, these weaknesses would allow an attacker to execute code remotely and take control of unpatched equipment.


OT weaknesses aren’t the only security gap that can lead to damaging cyber incidents. The attack on the Colonial Pipeline in the US in 2021 also showed how gaps in IT can be used by attackers to gain access to systems and launch large-scale attacks such as ransomware. Ultimately, it was the attack on the IT systems that disabled the billing capability, not the OT network. The new interconnectedness of OT and IT environments has created pathways that threat actors can use to get onto networks. OT can be exploited quite simply, but only in specific circumstances, because the equipment is usually siloed and protected. IT, on the other hand, is riddled with security gaps, so risks surface far more regularly. A compromised credential or an exposed remote desktop protocol (RDP) service, for example, poses no risk to the industrial control system (ICS) environment unless there are weaknesses in the layers of segmentation between IT and OT. Once an attacker has breached the IT environment, those weaknesses give them a route to target ICS operations. As a result, there are several routes of infection from IT to OT, with serious consequences if malicious actors exploit them.


WHAT ARE THE CHALLENGES OF OT? Because OT devices vary so much in design and age, they often cannot run a conventional security agent, which impedes visibility. Using an agentless approach, security teams can monitor network traffic passively without affecting production: the sensor listens to traffic on the network and builds an asset inventory from what it observes. Even so, if malware is detected on an OT device, the OT team is often hesitant to let the IT department act, for fear of a service outage. This leads to delays in patching and to friction between the two teams. Agentless monitoring gives organisations full visibility of the devices connected to their networks, and with it the time to identify and mitigate suspicious behaviour or devices. The process is not simple, but it is vital: several types of traffic are usually needed to identify a particular device, especially one that communicates less often than its neighbours.


Unlike IT security operations, which have a security operations centre (SOC) to process specific alerts, OT staff often learn of incidents through the IT department. Incident response is therefore delayed, leaving OT more exposed to threats. This gap in security also reveals regulatory weaknesses in the requirements of certain cyber frameworks, such as IEC 62443, which addresses the adequacy of security within OT. The lack of dedicated OT security means existing IT resources have to cover both, leaving IT teams responsible for securing OT environments as well as IT networks. IT and OT differ philosophically in many ways, and IT people do not always have the right skills or knowledge to deal with OT security issues. Unfortunately, this creates both a skills gap and a cybersecurity gap.


Any breach or incident in an OT environment can be catastrophic, as the attacks on critical national infrastructure in the US last year showed. Now that IT and OT have converged, communication between the two is key to a strong security posture, even though the OT team is not traditionally part of IT governance. That communication is vital in bridging the gap, ensuring governance, consistency and certainty across both IT and OT environments, and closing the gaps in security that can lead to large-scale cyber-attacks. ■


TTJ | January/February 2022 | www.ttjonline.com
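The two technical points above, an agentless sensor building an inventory from several kinds of traffic and IT-to-OT segmentation being the thing that keeps a compromised credential or RDP session away from the ICS, can be shown on a handful of flow records. The following is an added example written for this page; it is not code from the article or from Armis. It consumes a constructed list of flows (as a span-port sensor would after decoding them) rather than sniffing, and the zone ranges, port-to-protocol mapping, jump-host address and role names are all assumptions for the illustration, not a real site design.

```python
"""Passive OT asset inventory plus an IT-to-OT segmentation check.

Added example, not from the article or any vendor.  It stands in for an
agentless sensor: nothing is installed on the OT devices, the inventory is
inferred purely from who talks to whom and on which protocol.  Zones,
ports and role labels below are illustrative assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Well-known ports of the protocols used in the sample (assumed mapping).
PORT_PROTOCOL = {
    502: "modbus", 102: "s7comm", 44818: "enip", 20000: "dnp3",    # OT
    3389: "rdp", 445: "smb", 443: "https", 53: "dns", 389: "ldap",  # IT
}
OT_PROTOCOLS = {"modbus", "s7comm", "enip", "dnp3"}

# Assumed Purdue-style zones: enterprise IT, DMZ, OT control network.
ZONES = {
    "it": ip_network("10.10.0.0/16"),
    "dmz": ip_network("10.15.0.0/24"),
    "ot": ip_network("10.20.0.0/16"),
}
# Assumption: only the DMZ jump host may originate sessions into OT.
ALLOWED_OT_INGRESS = {"10.15.0.5"}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


@dataclass
class Device:
    ip: str
    served: set = field(default_factory=set)  # protocols this host answers on
    used: set = field(default_factory=set)    # protocols this host initiates
    packets: int = 0

    def role(self) -> str:
        """Classify from traffic alone; a single flow type is rarely enough."""
        if self.served & OT_PROTOCOLS:
            return "controller"  # a PLC/RTU answering an OT protocol
        if self.used & OT_PROTOCOLS:
            if zone_of(self.ip) != "ot":
                return "suspicious: non-OT host speaking OT protocols"
            if (self.served | self.used) & {"rdp", "smb"}:
                return "engineering-workstation"  # OT client that also does IT things
            return "hmi-or-scada-client"
        if self.packets < 3:
            return "unclassified (insufficient traffic)"  # quiet device, keep listening
        return "it-host"


def build_inventory(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port, packet_count)."""
    inv = {}
    for src, dst, dport, count in flows:
        proto = PORT_PROTOCOL.get(dport, f"tcp/{dport}")
        s = inv.setdefault(src, Device(src))
        d = inv.setdefault(dst, Device(dst))
        s.used.add(proto)
        d.served.add(proto)
        s.packets += count
        d.packets += count
    return inv


def segmentation_violations(flows):
    """Sessions entering the OT zone from outside it, other than via the jump host."""
    bad = []
    for src, dst, dport, _ in flows:
        if zone_of(dst) == "ot" and zone_of(src) != "ot" and src not in ALLOWED_OT_INGRESS:
            bad.append((src, dst, PORT_PROTOCOL.get(dport, f"tcp/{dport}")))
    return bad


# Constructed sample of what a span port might show over a few minutes.
SAMPLE_FLOWS = [
    ("10.20.1.10", "10.20.1.50", 502, 120),  # HMI polling a Modbus PLC
    ("10.20.1.10", "10.20.1.51", 102, 80),   # same HMI talking S7comm to another PLC
    ("10.20.1.20", "10.20.1.50", 502, 5),    # engineering workstation writing to the PLC
    ("10.20.1.20", "10.10.5.7", 445, 30),    # ...and fetching files from an IT server
    ("10.15.0.5", "10.20.1.20", 3389, 10),   # DMZ jump host RDP into OT: allowed path
    ("10.10.5.7", "10.20.1.20", 3389, 4),    # IT server RDP straight into OT: violation
    ("10.10.5.7", "10.20.1.50", 502, 2),     # IT server issuing Modbus to a PLC: violation
    ("10.10.3.3", "10.10.0.53", 53, 6),      # ordinary IT DNS traffic
    ("10.20.1.88", "10.20.1.90", 8080, 1),   # one packet on an unknown port: too little to classify
]


def summarize(flows):
    inv = build_inventory(flows)
    return sorted((ip, zone_of(ip), dev.role()) for ip, dev in inv.items())


if __name__ == "__main__":
    for ip, zone, role in summarize(SAMPLE_FLOWS):
        print(f"{ip:<12} {zone:<4} {role}")
    for src, dst, proto in segmentation_violations(SAMPLE_FLOWS):
        print(f"SEGMENTATION: {src} -> {dst} ({proto})")
```

The HMI at 10.20.1.10 is only classified because two different protocols were seen from it, and 10.20.1.90 stays unclassified after a single packet, which is the “several types of traffic” point. The IT server at 10.10.5.7 is flagged twice: once by the inventory, because an enterprise host should never be speaking Modbus, and once by the segmentation check, because its RDP and Modbus sessions reach the OT zone without going through the jump host. The same RDP session from the DMZ jump host is not flagged, which is what intact segmentation looks like in the data.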


Above: Andy Norton, chief cyber risk officer at Armis

