- July 03, 2018
By Michael Rothschild, Indegy
It was only a matter of time before the security threats faced by the Information Technology (IT) community would affect Operational Technology (OT) environments. Today, OT executives are up against the same risks that keep corporate senior executives up at night. IT security has been a concern for the better part of three decades. OT security, however, is relatively new simply because operational environments were never connected to the outside world and vulnerable to threats as they are today. The blurring of lines between IT and OT has de facto put industrial organizations in the crosshairs for security incidents, but not from where you think. The newest form of danger comes from within.
While there has been much talk about cyber threats to industrial environments in the news, insider threats, which have long been a concern in the IT security community, pose an equal risk to OT networks. In fact, a recent study performed by Indegy Labs found that 86% of those polled rated insiders as the biggest security threat to their organizations. It is important to note that the definition of insiders goes beyond just employees and includes anyone with privileged access to resources, such as consultants, contractors, outsourced agents, suppliers and more.
In addition, insider threats can be based on various motivations and circumstances, including:
- Malicious Intent – Typically a disgruntled employee, or an insider who is paid to exfiltrate information and/or cause damage to the organization.
- Human Error – This occurs when an employee unintentionally causes damage and/or downtime by making incorrect changes to industrial processes or equipment, or leaks confidential company information.
- Account Compromise – This is similar to the human error scenario, in that an employee unintentionally creates a security incident. Typically, an outsider uses social engineering to trick an employee into divulging confidential information that is then used to carry out an attack. Social engineering techniques include phishing emails, a “call from IT” requesting the user’s ID and password, and similar ploys.
To protect OT environments from insider threats, industrial organizations should look no further than the best practices developed over the years by the IT community. Here are the top three:
- Perform a risk assessment to identify and address vulnerabilities such as over-privileged accounts, insiders with access to resources they don’t need to do their jobs, orphaned accounts belonging to terminated employees or contractors, etc. The findings will provide a ranked inventory of where threats lie and a checklist for mitigating them.
- Know and monitor attack vectors. There are two primary vectors for insider attacks: using the network and targeting devices directly via serial ports. The latter occurs when a user plugs a device into an industrial controller to distribute malware, upload new code, etc. Serial attacks can quickly propagate and evade network-based passive detection mechanisms. Monitoring both network activity and device integrity is required to detect these two types of threats.
- Unify IT and OT security. Since both environments are often interconnected, an attack that originates on the IT network can move laterally to the OT environment. This is a commonly used hacking technique that involves performing reconnaissance to identify and exploit vulnerabilities, or using social engineering to compromise the network, and then moving laterally once inside perimeter defenses. Establishing visibility across both IT and OT networks by integrating security tools and the data they generate can help detect lateral attack activity.
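The first two practices above, the ranked risk inventory of orphaned and over-privileged accounts and the pairing of network monitoring with device-integrity checks, can be made concrete in a small audit script. The following is an added illustration written for this article, not code from Indegy or from any product; the account inventory, role baseline, controller fingerprints and the `NETWORK_OBSERVED_DOWNLOADS` set are all constructed sample data, and a real deployment would feed them from a directory export, an engineering-workstation project store and a passive network sensor. The integrity check implements the article's key caveat: a program change on a controller that the network sensor never saw is exactly the direct-access (serial) case, so it is ranked higher than a change the network did observe.

```python
"""Hypothetical insider-risk audit: account hygiene plus controller integrity.

All inventories below are constructed sample data for illustration.
"""
import hashlib
from typing import Dict, List, Set

HIGH, MEDIUM, LOW = 3, 2, 1

# Privileges each role needs to do its job (assumed role baseline).
ROLE_BASELINE: Dict[str, Set[str]] = {
    "operator": {"hmi_view", "hmi_write"},
    "engineer": {"hmi_view", "hmi_write", "plc_program"},
    "contractor": {"hmi_view"},
}

# Account inventory as exported from a directory (constructed).
ACCOUNTS: List[dict] = [
    {"user": "jsmith", "role": "operator", "active_employee": True,
     "privileges": {"hmi_view", "hmi_write"}},
    {"user": "mlee", "role": "engineer", "active_employee": True,
     "privileges": {"hmi_view", "hmi_write", "plc_program", "domain_admin"}},
    {"user": "ctr-017", "role": "contractor", "active_employee": False,
     "privileges": {"hmi_view", "plc_program"}},
]

# Known-good fingerprints of each controller's program image (constructed).
PROGRAM_BASELINE: Dict[str, str] = {
    "plc-line1": hashlib.sha256(b"line1 program v12").hexdigest(),
    "plc-line2": hashlib.sha256(b"line2 program v7").hexdigest(),
}

# What today's on-device integrity poll returned (constructed): line2 changed.
PROGRAM_CURRENT: Dict[str, str] = {
    "plc-line1": hashlib.sha256(b"line1 program v12").hexdigest(),
    "plc-line2": hashlib.sha256(b"line2 program v8").hexdigest(),
}

# Controllers for which the passive network sensor saw a program download.
# Empty here: the change on plc-line2 did not cross the monitored network.
NETWORK_OBSERVED_DOWNLOADS: Set[str] = set()


def audit_accounts(accounts: List[dict], role_baseline: Dict[str, Set[str]]) -> List[dict]:
    """Flag orphaned accounts and privileges beyond what the role needs."""
    findings = []
    for acct in accounts:
        needed = role_baseline.get(acct["role"], set())
        excess = acct["privileges"] - needed
        if not acct["active_employee"]:
            findings.append({"severity": HIGH, "kind": "orphaned_account",
                             "subject": acct["user"],
                             "detail": f"still enabled for departed {acct['role']}"})
        if excess:
            findings.append({"severity": MEDIUM, "kind": "over_privileged",
                             "subject": acct["user"],
                             "detail": f"privileges beyond role: {sorted(excess)}"})
    return findings


def audit_device_integrity(baseline: Dict[str, str], current: Dict[str, str],
                           network_observed: Set[str]) -> List[dict]:
    """Compare controller program fingerprints against the baseline.

    A change the network sensor never observed points at direct (serial)
    access and is ranked HIGH; a change the network did see is LOW and
    left for change-management review.
    """
    findings = []
    for ctrl, expected in baseline.items():
        actual = current.get(ctrl)
        if actual is None:
            findings.append({"severity": MEDIUM, "kind": "unreachable_controller",
                             "subject": ctrl, "detail": "no integrity response"})
        elif actual != expected:
            seen = ctrl in network_observed
            findings.append({"severity": LOW if seen else HIGH,
                             "kind": "program_change" if seen else "unobserved_program_change",
                             "subject": ctrl,
                             "detail": "fingerprint differs from baseline"})
    for ctrl in current.keys() - baseline.keys():
        findings.append({"severity": MEDIUM, "kind": "unknown_controller",
                         "subject": ctrl, "detail": "not in baseline inventory"})
    return findings


def ranked_inventory(accounts, role_baseline, baseline, current, network_observed) -> List[dict]:
    """The article's 'ranked inventory': highest severity first, then stable by kind/subject."""
    findings = audit_accounts(accounts, role_baseline)
    findings += audit_device_integrity(baseline, current, network_observed)
    return sorted(findings, key=lambda f: (-f["severity"], f["kind"], f["subject"]))


if __name__ == "__main__":
    for f in ranked_inventory(ACCOUNTS, ROLE_BASELINE, PROGRAM_BASELINE,
                              PROGRAM_CURRENT, NETWORK_OBSERVED_DOWNLOADS):
        print(f"[{f['severity']}] {f['kind']:28} {f['subject']:10} {f['detail']}")
```

Run as a script it prints the checklist with the departed contractor's still-enabled account and the unobserved program change on `plc-line2` at the top, followed by the two over-privileged accounts. Feeding the same fingerprint comparison a `network_observed` set that contains `plc-line2` downgrades that finding to a routine change-management item, which is the point of correlating network and device data rather than relying on either alone.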
Although the insider threat does not get as much media coverage as more high-profile cyber attacks, it is a top concern among industrial facility operators. Implementing IT best practices for insider threat prevention in OT environments, and unifying controls and visibility across both infrastructures, represents the best recipe for protection.
About the Author
Michael Rothschild is the Director of Marketing at Indegy. Michael has a passion for inspiring and motivating world class marketing teams in product and field marketing. Prior to joining Indegy, Michael was the Global Director of Marketing at Thales. Michael occupies a board seat at Rutgers University and in his spare time volunteers as an Emergency Medical Technician.