Protecting Your OT Network Without Disrupting Operations

Security strategies not only protect vital assets, but can also provide a competitive edge over rivals who lag behind in security.


As OT and critical infrastructure become increasingly bigger targets for cybercriminals, ransomware attacks are also becoming more sophisticated and aggressive. The latest FortiGuard Labs Threat Landscape report found there were almost double the number of new ransomware variants identified in the six months of 2022 compared to the prior six-month period. 

For manufacturing organizations and the industrial sector, the goal is to find ways to strengthen security in light of these increasing risks while also maintaining productivity and efficiency. With the right tools and solutions, it’s possible for enterprises to achieve this goal.

Help From a Firewall

Organizations are sometimes unable to monitor the traffic within their OT network because a legacy firewall often cannot see the activity in a network architecture where everything passes through the switch. It can prove challenging to fully grasp what’s happening in a network or spot changes, which is exactly what malicious actors are looking for when they attack a target.

Legacy firewalls offer some security but suffer from limited application awareness, network performance problems, logistical concerns and a lack of adaptability. Luckily, next-generation firewalls (NGFWs) excel where conventional firewalls falter. They can offer flexibility, updated threat protection, intelligent port control, reliable network speed and a simple infrastructure.

NGFWs provide total network visibility and threat protection for OT environments in addition to security. Organizations can design networks that perform in extreme industrial environments and integrate security into industrial control system (ICS) infrastructures.

For optimal benefit, though, even these cutting-edge firewalls perform best when installed inside an OT network, particularly one that has been carefully segmented.

Implement Network Segmentation 

The Purdue model describes devices in terms of their functions before assigning a level to each one. IEC 62443, a recent standard, introduces the idea of zones and conduits, which are crucial as the OT network becomes increasingly segmented.

Although the advantages of NGFWs for the OT network are obvious, there is frequently reluctance to put this information into practice. In contrast to IT networks, OT networks can experience extremely expensive downtime or, in the case of critical infrastructure, even life-threatening situations. How to segment the network without causing chaos or outages, or jeopardizing the product’s safety or quality, remains a big question.

How, then, can a company deploy microsegmentation without crashing its environment? By establishing a thorough process that outlines each person’s duties, taking into account not only the initial implementation or installation, but also continuous maintenance.

The process begins with these three important elements:

  • Create a plan for achieving security goals based on where the organization is now and a timetable for implementation that’s reasonable.
  • Minimize network disruption by taking actions that have the lowest risk of failure.
  • Collect information from each phase and use it to reevaluate before putting the next step into practice.

In addition, here are four things to avoid:

  • Failing to articulate the organization’s goals and align stakeholder interests.
  • Ignoring company needs and risks.
  • Rushing the process of determining the zones and their priority.
  • Trying to do everything at once.
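
As an added example (not part of the original article and not vendor code), here is one way to act on the advice above to collect information before each step: flows observed on the network are checked against a proposed zone-and-conduit policy to see what enforcing it would block. The subnets, zone names, conduit rules and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed zone map (hypothetical addressing): subnet -> zone name.
ZONES = {
    "10.10.1.0/24": "cell-a-control",     # PLCs
    "10.10.2.0/24": "supervisory",        # HMI / SCADA servers
    "10.10.3.0/24": "site-operations",    # historian
    "192.168.50.0/24": "enterprise-it",
}
# Constructed conduits: (source zone, destination zone) -> permitted (protocol, port).
CONDUITS = {
    ("supervisory", "cell-a-control"): {("tcp", 502), ("tcp", 44818)},
    ("site-operations", "supervisory"): {("tcp", 4840)},
    ("enterprise-it", "site-operations"): {("tcp", 443)},
}
# Constructed flow records (src, dst, protocol, dst port), as a passive collector might export.
OBSERVED = [
    ("10.10.2.15", "10.10.1.20", "tcp", 502),
    ("10.10.3.8", "10.10.2.15", "tcp", 4840),
    ("192.168.50.77", "10.10.1.20", "tcp", 502),  # IT host reaching a PLC directly
    ("10.10.2.15", "10.10.1.21", "tcp", 23),      # port not in the conduit
    ("10.10.1.20", "10.10.1.21", "udp", 2222),    # stays inside one zone
    ("172.16.9.4", "10.10.3.8", "tcp", 443),      # source not in the zone map
]

def zone_of(ip):
    """Return the zone of the most specific matching subnet, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), z) for n, z in ZONES.items()]
    hits = [(net.prefixlen, zone) for net, zone in nets if addr in net]
    return max(hits)[1] if hits else None

def dry_run(flows):
    """Sort observed flows by what the proposed policy would do to them."""
    report = {"allowed": [], "intra_zone": [], "would_block": [], "unmapped": []}
    for flow in flows:
        src, dst, proto, port = flow
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            bucket = "unmapped"        # asset inventory gap: resolve before enforcing
        elif src_zone == dst_zone:
            bucket = "intra_zone"      # never crosses a conduit (assumption of this example)
        elif (proto, port) in CONDUITS.get((src_zone, dst_zone), set()):
            bucket = "allowed"
        else:
            bucket = "would_block"     # review: add a conduit rule or stop the traffic
        report[bucket].append(flow)
    return report

if __name__ == "__main__":
    for bucket, flows in dry_run(OBSERVED).items():
        print(f"{bucket}: {len(flows)}")
        for flow in flows:
            print("   ", flow)
```

Every entry under would_block or unmapped is a decision to make before the policy is enforced: either the traffic is legitimate and the conduit or zone map is incomplete, or it should not be there.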

A Culture of Cyber Hygiene

What can subvert a perfectly designed network defense is a lack of basic cyber hygiene, such as usage of easily guessed passwords or rudimentary authentication. Password issues, while potentially very dangerous, constitute a small number of attacks that are very focused. Poor authentication makes up a substantially bigger percentage of attacks.

According to the 2021 Verizon Data Breach Investigations Report, human activity accounts for 85 percent of data breaches. In addition, social engineering techniques like phishing are used in 50 percent of ransomware attacks. Thus, the foundational component of any cybersecurity strategy must be security awareness training as a means of galvanizing the entire business behind the security cause, especially as IT and OT environments converge, meaning that more employee-facing IT environments can sometimes be conduits to OT attacks.

Training also lowers resistance to the adoption of sophisticated authentication techniques and more rigorous security procedures. No matter where employees are working, companies need to make sure that all of their staff receive thorough training on identifying and reporting questionable cyber activity as well as training on how to use technology safely. 

Future-Proofing OT

It's simple to become immobilized by worrying about downtime or becoming overwhelmed by the scope of the whole process – or mired in grumblings about what ought to have been done already. Asking what can be done now and in the future to constantly improve the network environment will help enterprises concentrate on moving forward. By taking care of their company’s network security issues today, organizations will save time and money, and build toward everyone’s safety and privacy in the future.

NGFWs and appropriate segmentation not only provide security, but they can also provide enterprises with a competitive edge over rivals who lag behind in security. These two practices help those who manage OT environments maintain that critical balance between security and performance. 


Willi Nelson is a field CISO for operational technology at Fortinet.
