Three Ways to Bolster OT Security and Visibility

Evolving data transfer needs have created attack vectors and introduced vulnerabilities that will be exploited if left unaddressed.

Christopher Walcutt
Dec 6, 2023
Computer Security 509230826 2122x1416 (1)

While outages and maintaining productivity are crucial factors driving security, manufacturing CISOs are often responsible for safeguarding industrial facilities, personnel, and information from various threats, including theft, sabotage, and cyber attacks. Yet when it comes to security, manufacturers often lag behind other industries. In 2021, approximately 90 percent of manufacturing organizations surveyed had either their production environments or energy supply environments hit by some form of cyber attack. 

In working with clients across the manufacturing spectrum, here are three areas we identify as ways these organizations can improve their Operational Technology (OT) security posture to achieve visibility and continuity of operations. 

1. Strengthen Network Segmentation

Many organizations fail to recognize the importance of implementing segmentation within their OT firewall infrastructure. Instead, they often rely on the presence of an (OT) firewall, believing that it separates them from their Information Technology (IT) counterparts and the associated vulnerabilities. However, this mindset is outdated, a remnant from decades ago when data generated within specific environments like substations remained confined within those spaces. 

Fast forward to today, and almost every industry desires access to this data for various purposes, such as business analytics or manufacturing efficiency. Consequently, they poke holes in the OT firewalls to enable business data flows. Operations often pushes organizations in this direction and, in some cases, they fully embrace it.

For instance, we’ve encountered plants that have adopted distinct data transformation models, managing it entirely in-house with six developers who've crafted more than 100 small applications. Surprisingly, there's no oversight or application security program in place for these critical apps that play a pivotal role in plant operations and a lack of collaboration with a robust corporate IT vulnerability management program for the organization. This diversity in management highlights the need for segmentation within OT firewalls. 

Another common scenario involves third-party vendors who install specialized hardware or software to support plant operations or manufacturing systems. These vendors typically have remote access to these systems. Unfortunately, organizations often fail to adequately monitor these connections. In some cases, they might enable remote access for a vendor and forget to disable it once their work is complete. This inconsistency in monitoring and access management poses significant security risks. In some cases, a requirement for access of this type is in the vendor procurement contract language, violating the customer’s own information security policies. 

With the newfound necessity to share this data externally, organizations create attack vectors and introduce vulnerabilities by creating openings in their firewalls. While sometimes necessary, this practice can be particularly risky because it's challenging to discern the potential threats in this space. Depending on where the data is being sent, there's a risk that an attacker could exploit this connection to compromise the plant's security. 

The primary purpose of segmentation in this space is to enhance visibility and provide containment enforcement capability. Without visibility, establishing a baseline for what constitutes β€œnormal” becomes impossible, and consequently, detecting abnormal or suspicious activities becomes a major challenge. This is precisely where segmentation becomes indispensable. Visibility drives a desire for network segmentation, ultimately reducing the threat landscape and providing insights into attack vectors. 

2. Assess OT Risk for Resilience and Business Continuity 

Unlike conventional risk assessments in cybersecurity for IT systems, part of the primary emphasis for OT is on resilience rather than strictly quantifying risk. The paramount concern is to ensure uninterrupted operations, guaranteeing the continuous functioning of essential facilities such as power plants. It’s a relentless focus on system uptime. 

As an OT security services provider, our goal is to help organizations identify risks to their resilience that they may have previously overlooked. While they might be accustomed to assessing factors like machine maintenance intervals or oil change schedules, we aim to broaden their perspective. We want them to consider the possibility that a malicious actor armed with the right software could disable a critical controller.

In such cases, recovery might be impossible, especially if no backup of the firmware or configuration exists. This perspective aligns closely with business continuity as much as it does with cybersecurity because the perception of risk in the OT world differs significantly. 

3. Benefits of External Partners 

Many organizations have a limited number of individuals with OT systems expertise. Sometimes, it's just one or two people per plant, or in less fortunate cases, one or two shared across the entire enterprise. However, these individuals often focus on plant-specific operational concerns and overlook the bigger picture, such as centralized account management or remote access security. 

For instance, within manufacturing facilities, there's often a lack of central account management, resulting in scattered accounts across Windows and Linux systems, as well as the SCADA or DCS system devices. The default approach frequently involves shared passwords for user and admin accounts, which presents security challenges. However, as these systems get updated, they gain the ability to support Lightweight Directory Access Protocol (LDAP) integration with Active Directory or other authentication methods, enabling multi-factor authentication and separating logins into role-based access control. This is not only more secure but also provides vital visibility into system activity, including firmware upgrades and setting changes.

Another common problem arises from system expansion or new production facilities. With this, integrators are typically engaged to set up new systems or a group of components. These integrators are experts in the functional design of these systems. However, they frequently don’t have cybersecurity expertise.

During a recent assessment for a municipal government, we encountered a new drinking water SCADA system in an older plant. The integrator installed an unsecured wireless network and turned off the broadcast of the SSID, intending to hide it. For even the least sophisticated attackers, this results in an open back door into the environment. From outside the physical security fence of the plant, the team connected to and logged in to the SCADA system with administrative credentials and obtained functional control over the entire system because the vendor left the default passwords in place. 

When considering partnering with a Managed Security Services Provider (MSSP) to enhance security visibility and resilience, it's crucial to seek out a provider capable of effective communication with your team. Some organizations, including ours, employ experts who possess extensive experience in designing, building, operating, and managing these OT systems. 

Organizations can greatly benefit from continuous environment testing conducted by a security services vendor. These vendors play a pivotal role in helping organizations tackle the ever-evolving threat landscape, address technology gaps, improve environmental visibility, and augment their teams with 24/7 in-house security operations centers.

Latest in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
May 1, 2024
Cybersecurity In A Bubble
Report Breaks Down Surge in Cloud Attacks
May 16, 2024
Computer Crime Concept 516607038 2125x1416 (1)
CISA Releases Data on Defending Against Pro-Russia Hacktivists
May 16, 2024
Ransomware
Ransomware: The Relentless Threat
May 16, 2024
Related Stories
Cybersecurity
Cybersecurity
New Siemens Software Automatically Identifies Vulnerable Production Assets
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
Manufacturing Business Management
Sponsor Content
Manufacturing Business Management
More in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
Acumatica looks to offer new solutions.
May 1, 2024
Cybersecurity In A Bubble
Cybersecurity
Report Breaks Down Surge in Cloud Attacks
More data is flowing into the cloud, and the bad guys know it.
May 16, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
CISA Releases Data on Defending Against Pro-Russia Hacktivists
Although the tactics are not complex, the results can be disastrous.
May 16, 2024
Ransomware
Cybersecurity
Ransomware: The Relentless Threat
Threat actors are refining their methods, as fewer incidents are being stopped before data is encrypted.
May 16, 2024
Ep96tn
Video
Security Breach: Supply Chains Are a Hacker's Gateway
Many attacks on manufacturers are just the first step in going after even bigger targets.
May 16, 2024
General Cyberattack
Cybersecurity
Verizon Report Shows Vulnerabilities, Human Errors as Primary Challenges
Most breaches involve a non-malicious human element, such as falling prey to a social engineering attack.
May 9, 2024
Logistics Management
Cybersecurity
Third-Party Intelligence Helps Expose Supply Chain Threats
The platform extension offers vendor-specific security posture data.
May 9, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
Threat Report Shows Onslaught of DDoS Attacks
Hacktivist groups are increasing attack frequency and raising their level of aggression.
May 9, 2024
Ep94tn
Video
Security Breach: The Hacks!
In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months.
May 9, 2024
Cybersecurity
Cybersecurity
New Siemens Software Automatically Identifies Vulnerable Production Assets
The cybersecurity SaaS will be available for purchase in July 2024.
May 8, 2024
Manufacturing
Cybersecurity
Tech Trends to Watch in Manufacturing
AI is at the forefront.
May 7, 2024
General Cyberattack
Software
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Video
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024