Some of the government’s top agencies tasked with cybersecurity (the NSA and CISA) have recently shared serious warnings about increased cyberattacks on operational technology and critical infrastructure. The Colonial Pipeline ransomware attack and the Cape Cod ferry attack are examples of recent high-profile successful attacks on operational technology systems.
“As we’ve said many times, our adversaries are capable, imaginative, and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them,” said Bryan Ware, Assistant Director for Cybersecurity, CISA, earlier this year.
What Is Operational Technology (OT)?
Most people have a firm grasp on what IT, or information technology, encompasses but have never heard of OT, or operational technology. OT integrates hardware and software that guide the operations of infrastructure and industrial equipment and processes.
Common examples of OT assets include building management systems and physical access and security systems. In addition, ATMs are common operational technology assets that many of us utilize every day.
Why Am I Hearing About OT All of a Sudden?
These systems used to be entirely offline, but technological advances, including Internet of Things (IoT) technology, have brought many industrial processes and operational assets online. This trend is part of Industry 4.0, which is driven by interconnectivity, automation, machine learning, and real-time data. Think of it as the industrial revolution but set in the information era.
However, sometimes innovation bursts to the forefront before the consequences of real-world implementation catch up. For example, many legacy OT assets that are now connected to networks around the world do not have extensive cybersecurity controls—cybersecurity wasn’t necessary before they were accessible via the internet. Additionally, the innovation and use of IoT technology are ripe for exposing security gaps as industries and companies rush to capitalize on efficiencies and growth potential from the technology.
What Sectors Utilize OT?
The obvious industries impacted are ones seen in the news recently—energy pipelines, mass transit, and food production—but many other sectors also have the potential for exposure. Examples include biotech and pharmaceutical companies that utilize OT in manufacturing processes, industrial construction and real estate development, which use Supervisory Control and Data Acquisition (SCADA), and the banking and finance sector, with the growth of automation systems like Robotic Process Automation (RPA). While not all sectors are vulnerable to direct OT attacks, most are indirectly vulnerable—primarily from attacks on supply chains, mass transit and transportation systems, energy distribution, or similar all-encompassing infrastructure.
Key OT Cyber Security Takeaways
The solutions for protecting OT are very similar in many ways to protecting IT. Here are just some of the items to consider when evaluating your operational technology risk.
- Evaluate – Every connection between OT and IT increases the risk of OT exploitation, so experts recommend connecting only critical OT assets to networks, and never just for convenience’s sake. Instead, thoughtfully consider the potential risks and rewards of making new or supporting existing OT connections to your networks.
- Harden – Additionally, any OT connections should be hardened to the greatest degree possible and include strict controls on remote access services, strong password management, the use of a VPN and encryption of remote access, among other protections. Patch management should also be a priority in OT security to help protect against known exploits.
- Monitor – Implement real-time monitoring and log access attempts to detect unauthorized access and other malicious activity.
- Plan – With increased risk comes the potential for an incident. Therefore, risk management is not just about avoiding an attack but should also include creating an incident response plan that includes OT assets and IT.
Led by world-class technology experts, Coretelligent offers best-in-class services covering a full range of technology needs: 360 Support, Unified Cloud Management, CoreBDR, and CoreArmor. Top-tier organizations in the financial services, life sciences, technology, legal, real estate investment, and professional services sectors rely on Coretelligent to maximize their technology return on investment.