How industry can protect industrial environments from cyber threats
Eitan Goldstein, senior director of strategic initiatives for Tenable, explores the real-world challenges the gas industry faces securing operational technology.
Industrial environments: How can the industry address cyber threats
The threat to critical national infrastructure (CNI) is real and only expected to worsen. According to a recent study conducted by Ponemon Institute, 90% of organisations had experienced at least one damaging cyberattack in the last two years and 62% had two or more. The study also revealed that these attacks resulted in data breaches, operational or business disruption, or both. The study surveyed 701 cybersecurity professionals whose organisations were categorised as reliant on operational technology (OT).
There is a growing concern in the industry about the threat of cyberattacks on OT environments, particularly the risk of downtime to plant and/or operational equipment along with the potential misuse of confidential data by third parties.
Attacks could also pose a danger to life, as threat actors could target CNI with the intent of causing physical harm. This was demonstrated in 2017 when a new malware strain, dubbed Triton, was discovered that specifically targeted safety systems. Triton was discovered in a Saudi petrochemical plant, where it attempted to disrupt critical safety systems to cause catastrophic failure. However, a flaw in the code enabled the plant to recover before any significant damage was caused.
Digital Transformation – A costly game?
Industry 4.0 has revolutionised OT environments, benefitting the bottom line by enhancing efficiency and output. This digital transformation has seen the convergence of OT and IT systems.
This merging of IT and OT systems has brought together previously siloed departments, exposing OT systems to an array of new threats. Now, attackers can use credentials gained in IT environments to pivot into, and attack, OT infrastructure.
Unfortunately, OT environments were not designed with security in mind. They were often built around legacy technologies, with a reliance on isolating initiatives such as air gapping (no direct connection to the Internet). However, the introduction of connected machines, devices, sensors and thermostats has dispelled the illusion of an air-gapped OT environment. As a result, IT and security professionals are tasked with the increasingly difficult job of securing these systems against new threats.
The remediation process is a difficult challenge, as security professionals are required to balance the need to patch against the financial and operational impact on the organisation.
In addition, IT security doesn’t always transfer into OT environments. A poorly timed security assessment, which probably wouldn’t even be noticed in an IT network, could have a devastating impact in sensitive OT environments, potentially knocking out the gauge on a pipeline, causing a drill to malfunction or even taking the whole plant offline. Due to the business criticality of the systems, operational downtime is often not an option. That said, could the business afford to risk a threat actor exploiting the vulnerability that could damage the plant or even threaten life?
Passive monitoring of OT environments can help solve this problem and enable security professionals to understand where they are exposed and to what extent without impacting operational functionality.
However, there have been occasions when patches weren’t available for known vulnerabilities in OT. This raises the question: if you cannot patch, what else can you do?
Visibility is key
Clear and complete visibility of both IT and OT systems viewed together through a single pane of glass is the only way to gain a holistic view on risks. Security professionals cannot afford to focus only on IT or OT vulnerabilities given that digital transformation has made a siloed approach a dangerous one. Separate, siloed OT and IT security programs with different tools, different KPIs and different policies will not survive in the modern cyber threat landscape.
IT and security professionals are not the only ones that need to know of the risks facing OT environments. It is crucial that the C-suite and board of directors understand the threats that their organisation faces. Security strategy needs to reach all areas of an organisation.
Thankfully, it would appear that this message has been heard. The number one priority for 2019 among C-suite and board of directors is greater communication on cybersecurity issues, according to the Ponemon study.
Previously, the technology to provide visibility for large, heterogeneous, high-availability industrial systems did not exist. However, it is now a different story. Real-time visibility of the OT network allows operators to rapidly detect vulnerabilities so that the team can take the necessary steps to remediate threats before they cause damage.
Protecting critical national infrastructure
Protecting OT and IT environments is a work in progress; it will not be achieved overnight. However, as digital transformation continues at full speed, resulting in the continued convergence of OT and IT environments, OT industries are acknowledging the challenges and taking the necessary steps to solve the cybersecurity issues the industry faces.