In June 2020, Honda was forced to shut down two automotive plants due to a ransomware attack. The company was quick to reassure the public that there had been no leakage of personally identifying data like customer passwords or credit cards. But the damage, both financial and reputational, was already done.
Today’s headlines are littered with news of cyberattacks. So much so that most of us barely notice anymore. But the Honda attack seems to point to a sea change. Instead of targeting IT systems first, then moving on to operational technology (OT) and industrial control systems (ICS), hackers are now hitting OT first.
Why go after OT systems? Hackers are well aware that:
• Connectivity has been increasing across industrial control systems.
• OT systems are less secure than many IT systems.
• OT systems are not secured by most conventional cybersecurity solutions.
Which industries are being increasingly targeted by threat actors, including some at the nation-state level? Essentially, anywhere that vulnerable OT systems are in place, including transportation, oil and gas, manufacturing, energy and utilities.
The increase in connectivity among OT devices and systems helps keep your critical industrial processes up to date and running smoothly. But it also risks exposing all your OT-related devices and facilities. The more interconnected these systems are across manufacturing and critical infrastructure facilities, the greater the potential that cyberattacks could cause major disruption and damage.
Let’s explore what makes OT devices more vulnerable, then examine why protecting them is critical.
Why are OT devices more vulnerable?
OT devices are essentially electronic tools used to manage, monitor and maintain industrial operations, including equipment and other assets as well as processes. This technology developed in parallel to mainstream IT, albeit completely separately since it emerged directly in response to needs within the industrial sector.
OT is used in industry as sensors, actuators, robots and programmable logic controllers. Originally developed by industrial equipment vendors for performance and safety, they were mainly seen as ‘shop floor’ devices without much intelligence. At the time, security was a complete non-issue: these devices couldn’t be hacked because they weren’t online. Within this completely separate realm, there was no need for any security policies or system management.
Today, OT has changed radically. More manufacturers are seeing the benefits of bringing their OT devices online, allowing them greater control over processes, greater sophistication in their analysis and optimisation, and faster alerts when problems arise.
Understanding the origin of OT helps us understand why these devices are inherently more vulnerable:
• A typical industrial network includes devices from multiple manufacturers.
• These devices are created with weak or hardcoded passwords.
• They are operated and managed by manufacturing rather than IT.
• Their software often can’t be updated or patched, or they can’t be offline long enough to update them.
• IT doesn’t have full transparency into the range and type of devices functioning within OT.
This last point is probably the most important. While IT is charged with managing your overall security posture, in most organisations OT devices fall through the cracks, creating a general lack of security consciousness about how to deal with them. Then, when connected to the outside world, they become the weak link in a security chain that ultimately puts your whole organisation at risk.
Once hackers have managed to penetrate your organisation, they can choose to remain on the OT side of things or move laterally to IT and mission-critical business devices. From inside your network, hackers can steal intellectual property and other protected data; covertly monitor internal network traffic, obtaining confidential information and trade secrets; take control of critical manufacturing operations and building infrastructure – or a combination of these.
According to a Deloitte report on cyber risk in manufacturing, an attack can result in “loss of valuable ideas and market advantage to financial and reputational damage – particularly in cases where sensitive customer data is compromised.”
Why is protecting OT more critical now than ever before?
Recognising the vulnerability of OT, hackers have begun changing their modus operandi. Formerly, if they wanted to impact operations they’d target IT first, then move laterally toward OT. Today, this has changed – many hackers are targeting OT first, recognising that OT is usually more vulnerable.
Additionally, new strains of malware, such as EKANS, are being developed to directly target OT and take advantage of its specific vulnerabilities. While ICS malware is still relatively rare in the wild, it will almost certainly increase in the near future with the success of a few recent high-profile attacks – such as Triton/Trisis and Industroyer – targeted at ICS.
But the biggest reason you need to act now to protect your OT devices? Because no one truly knows the scope of the problem. And that’s because most companies that fall victim to OT cyberattacks don’t go public with the news.
When a Norwegian aluminium manufacturer was hit with a massive ransomware attack in 2019, shutting down plants for weeks and costing up to $110 million in production, it bucked the trend: it shared all the details in an effort to help other companies. “You really don’t believe it,” said a senior VP with the company, still reeling from the shock of the attack.
But when security journal CyberScoop called other manufacturers in the US and the EU who’d reportedly been hit by similar attacks, not a single one was willing to comment due to the stigma attached to being breached.
Their silence is dangerous. Not hearing about attacks does not mean they aren’t happening, and your organisation might be next.
A safer, more secure approach
Check Point provides the industry’s most comprehensive cybersecurity solution for ICS systems, keeping OT devices on your network – including industrial controllers, scada servers and sensors – secure and protected, while safeguarding the rest of your assets at the same time.
Check Point’s Quantum IoT Protect enables you to:
• Block attacks before they reach critical OT systems with more effective threat prevention than software methods.
• Minimise risk exposure with auto-generated policies that are simple to implement.
• Isolate vulnerable OT devices from critical IT functions with IT/OT network segmentation.
• Get a grip on your entire network with comprehensive risk analysis.
You can only protect what you can see. With the rise in attacks on OT devices, IT can no longer afford to turn a blind eye. Quantum IoT Protect will help you preserve your reputation, avoid unnecessary downtime, and save you from financial loss due to malware or regulatory fines. With Check Point’s Quantum IoT Protect for Industrial, IT and OT systems work hand in hand to keep your entire organisation running efficiently, effectively and securely.
Find out more about protecting OT and ICS networks from IT attack vectors at this site.
© Technews Publishing (Pty) Ltd | All Rights Reserved