A secure OT infrastructure. Is that possible?
Once isolated, the OT infrastructure is today usually connected to the IT network and is becoming a target for attackers with increasing frequency. According to the 2021 Stormshield study, 51% of the industrial companies surveyed had experienced at least one cyberattack on their operational network. The problem grows more serious every year. What can be done about it?
The OT (Operational Technology) infrastructure encompasses hardware and software for managing and monitoring physical devices, processes and events in an enterprise. These may include production machines, pumps, valves, switches, sensors, and all kinds of measuring devices and actuators.
In the past, networks of such devices and systems made up an isolated environment which was not connected with other company systems, let alone the Internet. That is why it remained relatively secure. But things have changed a lot since that time.
The industrial revolution as an opportunity for cybercriminals
Digital transformation and Industry 4.0 have altered the environment in manufacturing companies. The crucial role is now played by data, particularly data analysis and the related insights that provide a basis for managerial and operational decisions, making it possible to prevent breakdowns, downtime or excessive workload along production lines.
Most of the time, such data have been flowing between devices within the OT network. However, for data to be analysed, processed and used on a larger scale, these devices have to be connected to other business systems (ERP, WMS etc.). That is why no clear dividing line now exists between OT and IT. This trend has intensified since the arrival of the Internet of Things in businesses. The sensors that monitor the operation of devices and transfer data between each other and to IT systems in real time are permanently connected to the Internet. That is why they can provide a way in for cybercriminals, just as devices in the industrial network can.
Ensuring the security of the OT network used to mean that one had to keep all devices and systems operating as well as avoid any downtime along production lines. Since these networks were isolated, no one feared cyberattacks. Anyway, older elements of the infrastructure often were not, and still today are not, sufficiently advanced in terms of technology to make a standard security level even possible (e.g. data encryption). In such conditions, cybersecurity was only a pipe dream. Today, however, it is becoming an absolute necessity, explains Krzysztof Andrian, CEO at Concept Data.
Why? 68% of the companies participating in the Smart Factories study said that they were investing in production systems based on automatic data exchange between machines and networked devices. This means cybercriminals have many more options at their disposal.
More connections, more attack vectors
Each cyberattack on a company's IT network may also affect the OT network. Data encryption or seizing control over devices may result in a disruption of operations (e.g. a power outage in a given area) or in unwanted changes to the operating parameters of devices, e.g. an increased temperature in a cold store or modified proportions of substances in the production of pharmaceuticals. This leads straight to serious and long-term issues.
But an attack can also go the other way. Taking advantage of poorly secured OT or IoT devices connected to external networks, a cybercriminal may access the company's IT resources, seize control over systems, steal data or a trade secret, or carry out an act of sabotage.
Today, IT, OT, and IoT networks must not be treated separately. They are all communicating vessels that have an impact on one another. That is why we refer to the environment of Internet-connected devices as the xIoT network (extended IoT), as it comprises OT devices, network devices, and IoT devices. An enterprise that seeks security must protect each of these elements, says Michał Kudela, PAM Team Leader at Concept Data.
The media often report cyberattacks that disrupt an entire company and affect its customers by way of one element of the extended IoT. One of the most spectacular was the attack on the energy sector in western Ukraine in 2015, resulting in a power outage for 700,000 consumers. Since 2016, we have been observing the activity of the Mirai botnet, which exploits publicly accessible, Linux-based IoT devices for cyberattacks (mainly DDoS). In recent years it has targeted Google, Microsoft, and the Minecraft server Wynncraft. In 2021, cybercriminals attacked Colonial Pipeline, a company transporting fuel to the eastern regions of the U.S., which shut the pipeline down for several days. Such examples can be multiplied. But can they be prevented?
Visibility, monitoring, and automatic elimination of vulnerabilities
xIoT networks are vulnerable to cyberattacks for several reasons. The key issue is that companies usually have no idea what devices are connected to the network or where these connections are located. In the case of OT, equipment is often outdated, because such systems are designed for long-term use and their elements are replaced at long intervals. Such equipment often runs software that has not been updated for many years or that is no longer supported by the manufacturer.
On the other hand, the IoT elements are often excluded from the cybersecurity strategy. Many companies remain unaware that such devices can be attacked. As a result, the devices have no security features, or use only a default password that has never been changed.
Today, the cybersecurity strategy must cover all elements of IT, OT, and IoT networks, including the ones that have been forgotten. New technologies enable automatic detection and identification of all xIoT devices, assessment of their security level, elimination of security gaps (including such aspects as credentials, software, and certificates), ongoing monitoring of the xIoT network as well as detection and elimination of threats. That is exactly how the Phosphorus Enterprise xIoT Security Platform works, adds Krzysztof Andrian.
By including such solutions in its IT infrastructure, a company can significantly increase the security level of its key resources.
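As an added illustration (not Concept Data's or Phosphorus's code), the assessment step described above reduced to a check over a constructed device inventory: it flags devices missing from the asset register, unchanged default credentials, software past vendor support, and missing or expired certificates, then ranks devices by the number of gaps. Device names, dates and the assessment date are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class XiotDevice:
    """One entry from a device discovery run (constructed sample, not real data)."""
    name: str
    kind: str                                 # "OT", "network" or "IoT"
    in_asset_register: bool                   # False = discovered, but nobody knew it existed
    uses_default_credentials: bool            # vendor default login never changed
    firmware_supported_until: Optional[date]  # None = vendor no longer publishes updates
    cert_expires: Optional[date]              # None = no certificate deployed at all


def assess_device(dev: XiotDevice, today: date) -> List[str]:
    """Return the gap classes (visibility, credentials, software, certificates) for one device."""
    gaps = []
    if not dev.in_asset_register:
        gaps.append("unknown-device")
    if dev.uses_default_credentials:
        gaps.append("default-credentials")
    if dev.firmware_supported_until is None or dev.firmware_supported_until < today:
        gaps.append("unsupported-software")
    if dev.cert_expires is None:
        gaps.append("no-certificate")
    elif dev.cert_expires < today:
        gaps.append("expired-certificate")
    return gaps


def assess_fleet(devices: List[XiotDevice], today: date) -> Dict[str, List[str]]:
    """Map each device name to its gaps, worst devices first; clean devices are omitted."""
    report = {d.name: assess_device(d, today) for d in devices}
    ranked = sorted(report.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return {name: gaps for name, gaps in ranked if gaps}


# Constructed sample inventory and assessment date (hypothetical, not from any real network).
TODAY = date(2024, 1, 15)
SAMPLE_DEVICES = [
    XiotDevice("plc-line1", "OT", True, False, date(2019, 1, 1), date(2030, 1, 1)),
    XiotDevice("cam-dock3", "IoT", False, True, date(2027, 6, 30), None),
    XiotDevice("sw-core", "network", True, False, date(2028, 12, 31), date(2026, 3, 1)),
]

if __name__ == "__main__":
    for name, gaps in assess_fleet(SAMPLE_DEVICES, TODAY).items():
        print(f"{name}: {', '.join(gaps)}")
```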
The Phosphorus technology can be integrated with the CyberArk Privileged Access Security platform used for managing privileged access and privileged account passwords in operating systems, applications, and network devices, as well as for controlling the user privilege levels and the processes in Windows and Linux. By combining the features of both tools, a company can ensure advanced and fully automated protection of devices within the entire xIoT network, says Michał Kudela.
The industrial and technological development that supports production processes has the side effect of giving cybercriminals new opportunities. However, by taking due care of their overall infrastructure, businesses can make their key resources secure and provide customers with uninterrupted access to products and services.