Critical Infrastructure Resilience: Safeguarding Against Cyber Threats

Operational technology (OT) has become the backbone of many industries, driving critical processes and systems. OT systems are essential to business success, from efficiency and automation to real-time monitoring for efficiency to mitigating risks for maximum safety and security. Furthermore, as many key industries drive critical processes and systems, any disruptions or failures in OT systems can have far-reaching consequences beyond economic losses.

Against this backdrop, it’s crucial to safeguard organizations’ OT systems. According to McKinsey, cyberattacks on OT systems have been on the rise

, and in 2023, 70% of ransomware incidents

happened in the manufacturing sector. With targeted threats that focus on infiltrating and disrupting industrial control systems, having proper gatekeeping measures has become imperative.

Cybersecurity risks in OT / ICS

Technology has significantly improved the industrial operations and critical infrastructure sector. However, the same technology that has benefited organizations also contributes to the cybersecurity risks that these organizations face. For example, while connectivity improves efficiency, it creates new avenues for cyber attackers to infiltrate OT or industrial control system (ICS) environments. At the same time, OT professionals need to manage day to day operational reliability and efficiency needs against lower likelihood, but severely impactful cyber attacks.

In cybersecurity, OT environments pose unique challenges

compared to traditional enterprise IT environments. Unlike the IT industry, where software and hardware are frequently updated to address security strategies, the OT sector is often untouched. This is often attributed to resourcing challenges, complexities in change management, or to maintain plant availability. Over time, OT devices and operating systems become outdated, making them difficult to maintain as they lack the required patches for security updates, causing security loopholes in the organization’s critical infrastructure.

Globally, industrial organizations have been slow to recognize the importance of developing and using cybersecurity programs specific to OT. However, nearly 60% of attackers coming from nation state affiliate groups

, with politically or financially driven motives. This means that critical infrastructures, such as energy, critical manufacturing, or water, become their main target since they will be the theatre of future wars, having the most potential to cause the greatest impact against an adversary.

Enhancing critical infrastructure resilience

With the growing number of cybersecurity breaches, protecting critical infrastructure should be the first step

for any organization. Take a defense-in-depth approach by deploying a multi-layered security approach on multiple fronts. Organizations should look into taking on a combination of advanced security tools to protect their endpoints, data, applications and networks. It is important to ensure that every endpoint is protected, whether it is on the IT or OT side of the organization’s infrastructure. At the very least, industrial organizations should prioritize and take existing cybersecurity measures seriously instead of keeping it as an afterthought.

To further strengthen and mitigate cybersecurity attacks across the organization, consider deploying a zero-trust architecture. Run a risk and vulnerability assessment to identify the gaps within the IT and OT infrastructure to pinpoint the most vulnerable areas within the ecosystem, then identify and implement the cybersecurity tools that are most suitable to the use-cases required. It is important to note that a zero-trust model is not a one-size-fits-all and can look different for every organization. This is why having a trusted partner who understands your business is crucial when taking a zero-trust approach.

Most importantly, adopting a zero-trust model could mean embracing a mindset shift for organizations. This can be a tedious step to take, but for a truly successful shift, cooperation across the organization is necessary. From cybersecurity controls like network segmentation, multi-factor authentication (MFA), frequent asset inventories, or OT patching, having an added level of security safeguards organizations’ most precious assets and critical infrastructure.

Safeguarding OT systems with strengthened cybersecurity

According to Dragos

, organizations looking to implement a preventive cybersecurity program should consider the SANS key ICS Cybersecurity Critical Controls, as below:

1) Build a ICS incident response plan

This involves developing a dedicated plan for specific scenarios and will require collaboration between different departments as it is a whole-of-business approach. For example, establishing a plan for ransomware may require input and coordination with several areas of the business, such as operations, engineering, public relations, legal, data privacy, customers, and regulators. As a result, plans and procedures should be prepared and tested in advance.

2) Set up a defensible architecture

Understand what systems are important for operations, then build a demilitarized zone (DMZ) between the OT systems and business environment to enable quicker response and more rigorous security controls.

3) Ensure OT visibility and monitoring

An important aspect of preventive cybersecurity, visibility is key because it helps organizations look into what’s happening within their operations at all times. This helps with early threat detection and rapid incident responses. Being able to see what happens on the ground also gives businesses more confidence as they have real-time data to back them up.

4) Enable secure remote access

More organizations today are already implementing secure remote access, or MFA, within their environment. MFA is so important in providing an added layer of security across systems. From vendor access to file movements across the company, even enabling employees to work remotely, MFA can significantly reduce risk for organizations without requiring a large investment.

5) Risk-based vulnerability management

The reality is that securing every aspect of the business and patching every potential loophole is not as simple due to the legacy systems involved within OT environments. However, by knowing the gaps and areas of vulnerabilities within the organization, businesses can pay more attention to them, so they can develop a plan with the business to resolve these vulnerabilities in an appropriate way.

Building a more resilient infrastructure with a trusted partner

Cybersecurity should be an always-on preventive approach, and organizations must proactively take action to safeguard their critical environments. Rockwell Automation provides a range of industrial cybersecurity solutions to meet businesses where they are and provides specialized knowledge in OT cybersecurity.

Whether it’s project-based security enhancements or long-term cybersecurity solutions that can support organizations as they innovate and navigate the future of IT/OT convergence, our partnerships with cybersecurity experts like Dragos give us deep industry knowledge and experience, bringing insights specific to the industrial automation space.

We’ll never know when the next cybercrime will happen, so take action before it’s too late.

This article was first published by AusBiz

.

Published July 20, 2024

Saby Goswami

Cybersecurity Services Commercial Leader, Asia Pacific, Rockwell Automation

With over 20 years of experience in Industrial Information Infrastructure, Cybersecurity, and Advanced Data Analytics, Saby leads Rockwell Automation's Connected Services business suite in Asia Pacific. Connected Services simplifies IT-OT convergence and enables The Connected Enterprise journey with robust and secure information infrastructure and Managed Services.

Connect:

Rowan Macfarlane

Principal Industrial Consultant, Dragos

Rowan performs architectural assessments, network vulnerability assessments, compromise assessments, tabletop exercises and a range of other customer-facing activities. He has over 15 years of experience in OT cyber security, having worked in both operations and consulting.