IT and OT in the Mix: Spotting New Threats in Old Environments

Posted on by Anastasios Arampatzis

The frequency of cyberattacks on operational technology (OT) systems is increasing, causing significant impact on industrial operations. Organizations are under pressure to find solutions quickly. Industry 4.0 prompted the adoption of digital solutions that aim to increase automation, incorporate smart devices, improve data efficiency, and IT-OT convergence. IT/OT convergence offers many new opportunities but also introduces a vast array of cybersecurity threats.


It's crucial to safeguard against these threats, especially to essential systems like BMS, UPS, and HVAC. Posing a greater risk than those in IT, OT attacks result in physical consequences such as shutdowns, outages, leakages, and even explosions. 35% of the 64 OT cyberattacks reported in 2021 resulted in physical damage, with estimated costs of $140 million per incident. Moreover, geopolitical tensions in 2022 led to an 87% increase in ransomware incidents. Notably, 72% of this increase was attributed to Europe and North America, highlighting the need for greater security measures to protect our infrastructure.


The challenges of industrial cybersecurity

Cybercriminals use ransomware and insecure supply chain connections to hijack OT devices and compromise business-critical data to disrupt production and operations. Industry faces several technical and operational challenges when protecting against attacks:

  • Legacy or constrained systems with old, unpatched vulnerabilities and limited security controls

  • Limited implementation of security controls on legacy OT devices due to constrained computing environments

  • Third-party remote connections to OT devices for vendor maintenance

  • Lack of centralized management and governance of OT cybersecurity operations due to conflicting ownership between OT and IT teams

  • Conflicting priorities (i.e., IT confidentiality and integrity vs. OT reliability and availability) lead to indecision between sustaining productivity and securing devices

  • Skills and talent shortage of cybersecurity and industrial automation expertise

  • Operational and technical restrictions that limit the ability of OT teams to patch devices and implement time-sensitive solutions

Considering the challenges, the following four steps are worth considering and putting into action to enhance OT cybersecurity.


Track asset inventory and identify vulnerabilities

In a reliable OT security plan, its essential to have a thorough asset inventory. You must identify all the connected assets, their location, communication channels, support, and contract details. Just one vulnerable IoT device can jeopardize the entire network, so visibility of all components and risks is crucial. Utilizing AI, machine learning, and data analytics through vendor-agnostic software solutions can help to monitor, measure, and manage large OT/IT networks. With this technology, you can obtain valuable insight enabling detailed system planning and modeling.


Segregation of OT and IT networks

Network segmentation is highly recommended to safeguard critical OT systems. Simple segregation involves separating classified from unclassified networks. The classified network is ultra-secure and has high-trust resources safely handling sensitive data and critical assets. Any suspect or untrusted devices should be connected to the secondary unclassified network, isolated from essential resources ensuring security cannot be breached.

A zero-trust approach to OT cybersecurity is built on network segmentation, robust identity validation, and verification. This approach makes it difficult for attackers to breach the system, thus making the target unattractive. Even if the attacker bypasses the obstacles, network segmentation limits the impact and provides defenders time to contain and block the threat.


Protective and proactive security controls

Cyber attackers are particularly interested in exploiting vulnerable OT devices and the critical data they generate. Invest in device hardening and data loss prevention to proactively secure your OT infrastructure. This includes strict patching and firmware updates, securing communication protocols, and regular penetration testing. To ensure proper support, consult reputable manufacturers for patching and firmware support details

Additionally, develop a support plan for the entire device lifecycle. Compared to IT devices, OT infrastructure has a longer lifespan, meaning companies can continue to use outdated hardware beyond the manufacturer's support period. When faced with this decision, consider the risk of exploitation of unpatched and obsolete firmware against the cost of retiring physical infrastructure. 

To protect sensitive data, invest in a data loss prevention (DLP) solution that detects and responds to real-time data exposure incidents. The ideal solution should combine traditional DLP with incident response capabilities to empower cybersecurity teams and minimize false positives.


Business continuity and disaster recovery

Being proactive is not a foolproof solution. It would be best to have a business continuity and disaster recovery plan to ensure operational resilience when needed.

Include a comprehensive impact assessment of possible breach scenarios, details on potential damages, how long-affected systems can stay offline before causing significant operational disruptions, and steps to mitigate risks. Regularly testing disaster recovery procedures is also advisable to ensure your systems are robust and familiar. As physical infrastructure assets are increasingly digitized and networked, prioritize the latest OT cybersecurity protection. Securing your physical infrastructure should be an ongoing effort to ensure that your networks remain secure now and in the future.

Anastasios Arampatzis

Cybersecurity Writer, Bora

Technology Infrastructure & Operations

critical infrastructure infrastructure security Network / Infrastructure Security operational technology (OT Security)

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs