Intelligent CIO has asked industry experts what security risks are being introduced as IT and OT networks converge. Here is the response from Peter Margaris, Senior Director of Product Marketing, Skybox Security:
As OT environments continue their convergence with IT networks, the need to secure these technologies to support continuous uptime and safety has never been more critical. These technologies are often business critical in many industries and extend to the monitoring and control of core infrastructure such as oil and gas drilling and distribution; energy generation and distribution; chemical, pharmaceutical and consumer goods manufacturing; and many health, building management, transportation and telecommunications applications, among others. Failure directly affects business operations and revenue.
Additionally, because they run essential systems in critical infrastructure and deliver responsive capabilities in real time (such as meeting surge demand/usage), availability is a key security concern. OT networks, therefore, need to be operational at all times.
However, in a digitally connected age where technological advances are continuing apace, traditional safeguards like leveraging air gaps or creating physical separations have all but disappeared. In the last 20 years, OT has been exposed directly to outside risks via remote sensors to retrieve data, Wi-Fi-enabled controllers and USB devices to update software, for example.
Considering this increased cybersecurity risk exposure and the criticality of services OT supports, OT networks have become a more attractive objective to hack and breach. This interest is visible in the growing availability of productised exploit kits, easily searchable sites on legacy technology and new monetisation options such as ransomware specifically designed to attack industrial systems.
Let’s be clear: the threat facing OT networks is increasing. Skybox’s Vulnerability and Threat Trends Report 2020 revealed that the volume of new ICS-CERT advisories increased by 53% from 2018 to 2019. And with the increasing convergence of corporate IT and production OT networks, threats within both environments present a greater danger than ever before. Vulnerabilities and security issues within both environments can give an attacker a foothold, as well as opportunities for lateral movement.
One of the most significant OT vulnerabilities published in 2019, with a 10/10 severity level, was ICSA-19-043-033, which warned about several vulnerabilities within WibuKey’s digital rights management product. This vulnerability allows privilege escalation and has remote code execution (RCE) attributes: if exploited, the attacker could take control of the affected control and monitoring system. Considering how OT devices are increasingly connected to the wider business’ IT environment, this vulnerability highlights the pressing need for organisations with OT networks to improve the security which surrounds their critical infrastructure.
To tackle threats to hybrid IT-OT networks, organisations need to build a united view of their hybrid network infrastructure so that they are able to understand network context with holistic network modelling and mapping, confirm effective controls through firewall and access control systems, identify vulnerabilities and effectively prioritise patching. It’s far from a simple task, but the need for improved protections for organisations with OT infrastructure cannot be clearer.