Authored by Mr. Rakesh Kharwal, Managing Director - India/South Asia & ASEAN, Cyberbit
A majority of working professionals today are well-versed with the term ‘Information Technology’ and can correlate it with digital information systems, especially concerning data storage, transmission, recovery, and protection within software applications and mainframe systems. When you speak about OT, or ‘Operational Technology’, there is very little awareness in the market.
However, the lines between IT and OT networks are rapidly blurring with every day that passes, making it imperative for everyone to know what it is and why its security has become critical to secure IT mainframes and applications.
What Is Operational Technology?
Operational Technology relates to the hardware and software framework used to supervise and control industrial equipment as well as critical processes. Some of its use cases are utilities, manufacturing plants, traffic control systems, electric grids, baggage control in airports, and so on. It involves specialized frameworks including Supervisory Control, and Data Acquisition (SCADA), distributed control systems, process control domains, safety instrumented systems, programmable logic controllers, and building management and automation systems (IoT applications) which are usually bundled together as Industrial Control Systems (ICS).
The Convergence of IT and OT Networks
In the past, IT and OT operations were handled by different departmental silos without relying on each other. Over the last decade, however, a steady change has occurred, wherein OT systems are gradually being monitored over digital networks that combine IT technologies and often communicate with the existing, conventional IT network. This transformation is considerably amplified with the infusion of IoT to wide-ranging industries. The groundwork of the IT and OT convergence is being laid by Industrial IoT (IIoT), which comprises connected sensors, devices, and instruments that gather and share data for multiple industrial applications. The system hence created is popularly known as Industry 4.0 and also as the Fourth Industrial Revolution.
The primary goal of Industry 4.0 is to increase operational efficiency by optimizing data collection and exchange between different network components (including machines, assets, and applications). It also intends to interoperably ramp-up processes amongst physical and digital systems. However, the amalgamation of IT and OT networks has also introduced several challenges for organizations. They include:
Legacy and non-standard technology: OT systems predominantly leverage decades-old technologies which were developed much before modern security protocols, such as encryption and password protection – were created. In addition, the protocols and standards in these networks are dominated by the vendors that provide the control devices. So, we may find networks that are not IP based at all. Or, we may find networks that run multiple communication protocols, which are vendor-specific, and nonstandard. This poses a challenge for security vendors because conventional security systems cannot understand and analyse these protocols and detect threats.
Outdated Systems: OT network components, such as PLCs (Programmable Logic Controllers), are not updated as often as IT systems and hence are vulnerable. Even when security systems are installed over IT assets (in OT networks), such assets can themselves be found laced with known vulnerabilities since they function on outdated systems that may no longer have vendor support. For example, we may find control devices that run Windows NT.
Unsecure Connections: OT devices and professionals also leverage IT networks, computers, and USBs to easily control data exchange or upload new applications. This exchange is often done using unsecured devices and unencrypted Wi-Fi connections, making them prone to wide-ranging threats including data leakages and man-in-the-middle attacks.
Organizational challenges: Since OT and IT have their own teams, techs, processes, and different goals, the development and maintenance of a security architecture that caters to the needs of both is fairly difficult. This segregation is often used by cyberattackers to break into the network and easily move within it.
Limited visibility and insight: Lastly, it is fairly difficult to map the attack surface of an OT network using IT solutions because of the proprietary protocols in it. Conventional IT security solutions haven’t yet adapted to OT frameworks. As an example, you cannot conduct the permissive scanning of OT networks. It leaves such pieces obscure for vulnerability detection, risk awareness, and threat remediation.
It is because of such challenges that IT/OT networks are turning out to be sitting ducks for modern cyber attackers. According to Vulnerability and Threat Trends Report released this year, attacks on OT increased by 10% between 2017 and 2018. Such attacks have different motives and impacts and can leave the prevalent cybersecurity protocols redundant. For instance, 2017’s WannaCry outbreak in Taiwan Semiconductor Manufacturing Company depicted how malicious programs like ransomware can tap nation-state threats and internal defencelessness to tear down the network and a company’s bottom line.
This has highlighted the need to manage an incident across IT and OT the problem is that we have different tools for each network and managing an incident across both means jumping between tools. The attackers see it as one converged attack surface, but the defenders are using different tools for different networks. This enables the security mechanism to visualize all data exchanges both on microscopic and macroscopic levels. It also enables the security system to analyze such exchanges in the short-term as well as in the long-term, so that any anomalous behavior can easily be spotted, further scrutinized, and remediated. This greatly enhances the visibility of the network and reduces the time-to-respond by as much as 90%. It also reduces escalations by 50%, thereby allowing tier-2 and tier-3 analysts to focus on critical incidents and tier-1 analysts to centralize IR management, automate manual tasks, and simplify investigations. SOAR solutions when integrated with SCADA security solutions can eliminate dangerous blind spots and helps in understanding the network, its devices, protocols, configurations, events and traffic with precision. The key to making sense of complex SCADA networks lies in visual, automatic mapping providing continuous monitoring of equipment & real-time detection of anomalies.
On top of that, we need to train our IT & OT teams for IT-OT attacks so that the organizations today can address this common way of attacking OT networks. The security team of these firms needs multi-skilled persons who are trained on cutting-edge solutions like Cyber Range to develop an understanding of integrated IT and OT network security issues.
As the thin line between the IT and OT networks is continuing to fade, cybersecurity products like SOAR have become the need of the hour. It is specifically imperative in our rapidly digitizing nation since any undesirable future event can completely derail our digital journey. After all, a cyberattack has no longer remained the question of ‘if’, but ‘when’.