In their rush to digitalize operations while introducing autonomous AI-based production and wireless interconnectivity, the manufacturing and utilities sectors are leaving themselves wide open to attacks from hostile nation-state actors and organized cybercriminals.
Industry 4.0, the so-called ‘fourth industrial revolution’, is already underway and will continue to accelerate throughout the 2020s as operational technology (OT) systems start to encompass not merely two-dimensional assembly lines but new technologies such as wireless networks controlling AI-driven robotics. Other key 21st-century technologies such as renewable energy and 3D printing are also now being introduced to the industry, increasing OT systems’ already growing need for digitalization.
Cyber Attack on the Biggest Nuclear Power Plant in India
Growing network complexity and automation inevitably increase the requirement for online communications with third parties, thereby providing a constantly growing choice of entry nodes for determined threat actors. The cyberattack on India’s newest nuclear power station, the Kudankulam plant, which was confirmed last week, is only the most recent in a growing number of cyberattacks now hitting crucial utilities and manufacturing facilities across the globe. Although the Kudankulam attack is now being attributed to North Korea, western economies are equally under threat from state actors such as Russia and China, who have been actively launching attacks on critical infrastructures in the West for years. Often such attacks are part of covert operations designed to look like straightforward criminal ransomware attacks, which are also becoming increasingly common.
Current State of Operational Disruptions
The growth of cybercrime, cyber warfare and cyber terrorism across the globe also means that critical infrastructures and production plants can easily become collateral damage as they fall prey to threats such as WannaCry and NotPetya, which were originally designed to hit organizations across the board but also exploit the vulnerabilities of OT systems. This has caused operational disruptions in automotive, food, pharmaceutical, and other manufacturing plants. Spear phishing, whaling, and waterholing have been proven by threat actors to be highly effective attack vectors when targeting critical utilities and manufacturing facilities.
There is also a massive body of evidence to show that threat actors are broadening their range of fire. Governments on both sides of the Atlantic, for example, have been guilty of focusing on the threat to power facilities while ignoring escalating attacks on water utilities. If anything, a region without water or working sewage would descend into chaos faster than one deprived of electricity. Ever since 2012, water utilities on both sides of the Atlantic have been suffering operational damage or financial loss as a result of orchestrated cyber-attacks.
Convergence Between IT/OT
The inevitable crossover between IT and OT systems means that organizations must align their OT network with the same high level of security controls deployed across their IT network. The ability to respond to cyber-attacks with set playbooks is as crucial to OT security as it is to IT. Effective OT security also requires a full audit trail of security incidents together with maximum visibility of any lateral movement in the OT network. Risk management, risk assessment, threat intelligence gathering, traffic pattern analysis and real-time incident reporting are all crucial for successful IT/OT convergence.
SCADAfence Presents at the (ISC)2 Security Congress
Elad Ben-Meir, CEO at SCADAfence, gave a lecture at the (ISC)2 Security Congress in Orlando, Florida last week. Elad lectured about the adoption of digitalization and automation technologies, which results in increased connectivity of industrial networks. This forces OT and IT security teams to increase their cooperation with each other like never before.
While all of today’s hyper-connectivity has many productivity and efficiency advantages, it makes OT networks vulnerable to an array of new attack vectors. Both IT and OT security teams have common goals: to secure the organization from cyberthreats, human errors, and malfunctions.
Two Best-Practices to Implement IT/OT Convergence Successfully
- It was mentioned at the Security Congress event that a best practice is to take someone from the IT world and put them to work on the OT side, and vice versa. This is great because each of these professionals can apply their knowledge to help the other team in areas in which they have less expertise, thereby enriching the security and enhancing the communication of both sides.
- Compliance is a huge factor in OT Security. Compliance organizations have to adhere to regulations, but that doesn’t necessarily mean that organizations are protected. Regulations often create a blind spot, giving organizations the illusion that they’re protected when that is often not the case.
OT Systems are in Dire Need of IT-level Cybersecurity
Ultimately, unless it adopts IT-level security for OT as it marches into the 21st-century world of wireless robotics, AI and 3D printing, the industrial sector will not only be vulnerable to ransomware attacks and corporate espionage but will also be in danger of becoming collateral damage in even a low-level nation-state cyber conflict.