Trying to Secure Critical infrastructure? You Can’t Take Your Foot Off the Gas.

Trying to Secure Critical infrastructure? You Can’t Take Your Foot Off the Gas.
Trying to Secure Critical infrastructure? You Can’t Take Your Foot Off the Gas.

In many ways, 2021 was a banner year for cyber-attacks against OT systems. According to Fortinet’s 2021 State of Operational Technology and Cybersecurity survey, nine out of 10 OT organizations experienced at least one intrusion in the past year.
There were several high-profile attacks, and arguably one of the more significant and best known was likely the Colonial Pipeline attack in May. That attack caused the company to halt all 5,500 miles of their pipeline operations, as well as directly impacting part of their IT infrastructure, and demanding time sensitive actions to clean and restore compromised systems.
As we advance rapidly toward 2022, attacks on OT infrastructure clearly aren’t going to slow down; they’re unfortunately going to increase. Now that bad actors have witnessed the impact an attack can have on critical infrastructure OT systems, they’re emboldened to try and expand cyber campaigns to illustrate supremacy and increase public distrust and anxiety. So, we’ll dive into some of the most significant concerns that OT leaders need to be aware of in the coming year–and what can be done to strengthen your security posture.

How OT attacks have changed in the past year

Ransomware attacks aren’t just inconvenient–they’re potentially dangerous. Such attacks against OT systems and critical infrastructure could have dire consequences for the lives and safety of respective workforce personnel and consumers. Since IT and OT  networks are increasingly interconnected, almost any access point could be a target to gain entry to the corporate infrastructure.
During this same period, there’s also been significant growth in phishing attacks targeting OT organizations. The survey referenced above found that 58% reported this type of intrusion, up from 43% last year. This increase is largely due to attackers exploiting vulnerabilities related to the rapid innovation and digital connectivity required to facilitate remote work at the beginning of 2020. Compounding an already complex set of cyber-attack scenarios is the increase in insider breaches also on the rise at 42%, up from 18% last year.

For OT, crimes do pay

The dark web has made attacks on critical infrastructure scalable–and we can anticipate this playing out in the next year. One of the reasons why OT attacks have become so significant is that bad actors have realized they can profit from  both successful cyber network attacks and the reuse of tactics, techniques and tools developed and deployed against IT and OT targets of primary interest.
Of late, cyber adversaries have profited by reselling their malware online as a service. Rather than simply competing with cyber brokers offering similar tools, they expand their portfolios to include OT-based attacks, especially as OT and IT continue to converge at the edge. Historically, it required a learned specialist to attack an OT system, but in 2021 a committed attacker can acquire  an OT attack kit on the dark web.

Going beyond network visibility

The culmination of all these factors suggest that OT leaders can’t take their foot off the gas when it comes to cyber security maturity. Staying ahead of modern cyber threats demands a multifaceted approach. Network visibility is one important component, but OT systems, regardless of the sub-sector vertical require much more to achieve cyber resilience. With steps to ensure e network visibility in place, the next logical cybersecurity best practice to achieve is control and containment within your infrastructure.
That implies insisting on zero-trust access, to ensure an individual, application or device performs a specific role or function but strictly limits the range and level of engagement. In this manner, if the role or access privileges are compromised or behaviors are suspect, an adversary’s ability to influence the OT network is restricted. The next critical step beyond control is leveraging the value of behavioral analysis and the use of analytics to rapidly detect and neutralize any suspicious behavior within the network environment.
In 2021, the appetite for actionable data has driven an increased demand  for digital connectivity  between operational infrastructure and the traditional IT enterprise. OT leaders are becoming more aware of the dynamic security landscape and the threat challenges associated with this convergence. Specifically, there is recognition of the critical need to proactively defend the cyber physical. It’s no longer a matter of isolation but rather the aggregation of data that enables security practitioners to make more effective decisions despite an increased attack surface. The security considerations must extend beyond the on-premises system, the operating system, and the network infrastructure, and take into account the increased dependence on enabled IoT and IIoT devices.

Staying ahead of attackers

2021 witnessed an increasing number of attacks on critical infrastructure–enough that the U.S. government has taken notice. The imperative and language communicated to OT leaders is to keep critical infrastructure running safely and continuously. Downtime translates into significant losses. OT organizations, unlike enterprise IT, don't have the flexibility when it comes to downtime, so availability is crucial.
The recent lessons learned from the impact and consequence of attacks targeting OT platforms imply that OT stakeholders need to invest proportionally to address and counter the emergence of latest tactics and techniques, The availability of tradecraft that can be acquired on the dark web suggests cyber adversary persistence and requires mature security strategies to proactively neutralize advanced threats. Clearly, the adoption of cyber security best practices is essential and the steps to accomplish network visibility, zero-trust access, and behavioral analysis into a holistic solution strategy are vital to overcome evolving threats to your OT systems.

About The Author

Rick Peters is CISO for operational technology, North America, Fortinet.

Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..