The increasing frequency and sophistication of successful Operational Technology (OT) cyber-attacks serve as a wake-up call to all asset operators, controls engineers, network operations and cybersecurity teams, IT and OT alike. Weak defense in depth in today’s cyber ecosystem gives adversaries an unfair advantage and makes it easy to perpetrate an attack. Critical life-safety and environmental systems, along with processes and operations that cannot tolerate interruption, must be made resilient to today’s cyber threats. This article looks at how to proactively secure mission-critical OT and what organizations need to consider as they prepare their cyber strategies for 2021 and beyond.
Never too late to start NOW

Precedence #1: Threats Against Critical Infrastructure, Expanding Cyber-Attack Surface (Remote Work, IoT, Supply Chain). Circumstances in 2021 are ripe for a perfect storm for Industrial Control Systems (ICS), OT, IIoT and IoT systems, which are no longer proprietary, isolated or air-gapped networks. Interconnected control systems are more exposed with IT/OT convergence as they commingle with IT business networks at the boundary, with cross-contamination of traffic from LAN, WAN, Internet, Wi-Fi, control networks and CIP protocols.
Several factors have led to the massive expansion of the global cyber-attack surface. These trends include digital transformation moving towards the early stages of the Fourth Industrial Revolution (Industry 4.0), which is characterized by digital communications and the interlocking of machine and human.
OT ecosystems generally lack IT cybersecurity hygiene measures such as AV, EDR, SIEM, SOAR and SSO, including AAA services (Authentication, Authorization and Auditing). Asset owners need to derive effective protective tactics, techniques, and procedures that are purpose-built for OT, and to provide security controls that truly reflect OT cybersecurity principles, with priority on Availability, Integrity and Confidentiality, in that order. This is literally the reverse of the order for IT security controls, hence the enforcement of IT security controls on an OT ecosystem is grossly misunderstood.
Ransomware as a Cyber Weapon of Choice

Precedence #2: Ransomware has been around for almost two decades and has grown in popularity because of the ease with which threat actors can reap financial rewards. Ransomware became a weapon of choice because the COVID-19-induced digital remote workforce created more targets for extortion.
The trend in 2021 is that criminal threat actors are becoming more sophisticated in their phishing exploits, with the use of machine learning and more coordinated sharing on the dark web. The evolution of cryptocurrencies made matters worse by making it easy to hide digital currency from financial tracing of any wrongdoing. With the advent of cryptocurrencies in ransomware, it became a profit motive for many criminal enterprises.
Regulations are advancing

Precedence #3: Government and regulations are advancing. The cyber breaches of 2020/21 are a digital pandemic, much like COVID-19, which is advancing a rapid shift towards more remote operations. This transition involves a combination of innovative technology and the introduction of new processes, further putting OT operations at risk, and it is not clear that these changes have taken advantage of the clear guidance on secure design and risk assessment from the ISA/IEC 62443, NERC CIP, NIST 800-53, ISO 27001, TSA Pipeline, DHS CFATS, or ISA S99 series of standards. All these specifications point to the standardized NIST Cybersecurity Framework (CSF). Asset operators and cybersecurity teams need to start shaping their desired target state by determining which assets are most critical and need maximum protection.
To help mitigate these threats, critical infrastructure asset operators should apply a comprehensive risk framework to address the vulnerabilities arising from OT/IT convergence, including “security by design”, defense in depth, and zero trust to counter cyber threats.