It has been over a decade since the headline-grabbing Stuxnet virus appeared and security professionals introduced the concept of nation-state-sanctioned cyber attacks. The concern that cyber threats could exploit, and potentially destroy, physical assets and even take human lives caught the attention of industrial organizations. Attackers who pursue vulnerabilities in these organizations' assets can end up exploiting operational technology networks.
Despite the early warnings in 2010, only in the past five years have nation-state attackers become markedly more prevalent, as seen in the recent SolarWinds attack, which was attributed to nation-state actors with alleged Russian ties. Cybercriminals are deploying ransomware as their method of choice when attacking industrial organizations. Over the past 12 months there have been several successful ransomware attacks on industrial sectors, including the Colonial Pipeline attack and the SNAKE / EKANS attacks.
Figure 1: The rising growth of ransomware attacks
These attacks have once again put the focus on the vital importance for all industrial organizations of securing their Operational Technology (OT) environments. OT networks and devices are the heart of automation for industrial assets, and unlike newer technology they are less segmented, because older industrial infrastructures have been connected to the internet and had new services integrated into their equipment.
Industrial organizations have been confronted with new obstacles, such as remote access and third-party services, which have created a larger attack surface for cybercriminals to exploit OT networks and organizational physical assets (such as the attack on the city of Oldsmar, Florida). This growing attack surface has created a newer approach to securing OT networks and devices while ensuring that the more modern IT security methods don't open new doors for cybercriminals to exploit. Traditionally, OT security teams were not in charge of advanced threats and IT security, and so the need to converge OT and IT networks and systems is becoming more widely recognized by industrial organizations every day.
When organizations begin to converge their IT and OT systems, they must align their OT network with the same concrete security controls that are deployed on their IT network. Enforcing the same level of IT security controls on the OT network gives industrial organizations an additional layer of defense with which to detect and mitigate cyberattacks. Implementing an effective OT security strategy demands a complete audit trail of security incidents together with full visibility of any lateral movement in the OT network.
OT Systems Create More Challenges For Security Teams
Nothing in life is a simple task, and this is especially true when it comes to securing OT systems and networks. With the increasing use of IP-based communications with OT devices, it has become harder for OT and IT teams to agree on who is in charge of securing OT systems. Securing this space is also not an easy task. Many traditional networks that were once disconnected, for example power plants and water systems, are now connected to cloud-based smart management tools. This has created more security risk as OT technologies are connected to the modern Internet.
As more Industrial Control Systems (ICS) are digitalized, the attack surface grows, and these systems have become a favorite target for malicious cyber attacks. Over the past decade, IT environments have quickly evolved to adopt security as a key element of managing IT environments. OT, however, has not kept pace with the attacks, and only now is the right amount of security being implemented for OT systems and networks. On top of being late to adopt security, OT industrial engineers did not think about security when creating the industrial protocols that have been in place for years.
Moving forward to the present day, industry has adopted a plethora of protocols covering productivity and security in the newly adopted smart production environments. These protocols have created a massive challenge for asset owners, who struggle with security because they lack complete visibility of their OT networks and devices, lack monitoring, and lack effective security solutions to detect and respond to attacks.
On top of not being able to completely secure and monitor OT systems, it is a challenge for OT teams to gain a better understanding of their OT equipment, because that equipment is sensitive to network scanning. When an OT system is sent unexpected data, or more data than it can handle, the result can be a failure or an error in the activity log, which makes monitoring more challenging. Additionally, ICS networks use more PC servers and remote workstations, which makes for a more convoluted attack surface that combines enterprise services and cyber-physical systems. To solve these complex security challenges, industrial organizations need to adopt security on both fronts and gain a better understanding of which systems are more sensitive to active OT monitoring.
How Rapid7 & SCADAfence Help Improve Visibility in OT / ICS Environments
Industrial organizations can overcome these security challenges by adopting a security system that provides complete monitoring of OT systems and networks. The security system should provide an assessment of vulnerabilities in both the IT and OT environments. Security teams need a clearer understanding of what is occurring on OT systems and networks, and of how cybercriminals design their attacks to exploit OT systems through the IT environment. Additionally, industrial operators need a better understanding of all the assets and devices in their production environment, especially their IT and OT equipment.
To help industrial organizations improve their IT and OT visibility, we have partnered with Rapid7. Customers can now integrate SCADAfence with Rapid7's leading vulnerability risk management solution to gain visibility into their OT assets and devices. Customers also gain in-depth information about OT networks and the identification of cross-site communications and connections between devices with potentially exploitable vulnerabilities.
By integrating SCADAfence and Rapid7 all under one roof, organizations can detect, assess and mitigate across the IT and OT infrastructures while improving the visibility of all their assets. By automating OT and IT security with SCADAfence and Rapid7, customers are achieving full coverage of their IT and OT systems. This is the right step to accurately defend against cybercriminals and nation-state cyberattacks on operational technology systems.
To learn more about our partnership with Rapid7, please visit: https://l.scadafence.com/rapid7-scadafence-joint-partnership
On top of our joint technical partnership and integration, SCADAfence's research team is continually working with Rapid7 on its annual vulnerability report. Read the Rapid7 2020 Vulnerability Intelligence Report to learn more about our researchers' work in securing physical systems in a digital world and about the OT threat landscape.