Malware attacks like WannaCry, NotPetya and Industroyer have exposed the weaknesses of OT network security in recent years. What’s especially worrying is just how quickly and easily the infections spread across systems, devices and borders without the right measures in place. Even if you weren’t specifically affected by the malware, the rise in cyberattacks targeted at OT should be cause for concern.
You might think that you’re already spending a small fortune on IT security so you’re protected from attacks like these. Unfortunately, if your IT and OT teams aren’t aligned, then you’re very much on the Titanic.
And there’s an iceberg on the horizon.
The Differences Between IT and OT Security (and Why Convergence is Important)
Anyone who’s worked as part of an IT security team will know how relentless their work can be. It’s their responsibility to identify new threats, determine a solution and then implement it before the network can be accessed maliciously.
It’s a non-stop Tom and Jerry-esque battle between themselves and hackers. Attackers find new exploits to seize valuable information while the IT teams rollout patches and update malware signatures. This task is a whole lot easier with next generation detection programs like Cylance or via deep packet network inspection tools.
These patches are managed and released regularly on an often hourly, weekly and monthly basis. It’s up to the IT team to have their ears to the ground so they’re aware of the vulnerabilities that may be exploited (while simultaneously providing end user training to reduce the risk of insider threat). They share information with the wider IT security community, act upon threat intelligence feeds and do their best to implement fixes to the vulnerabilities that hackers uncover.
A poorly designed IT network can make their task even more difficult because of the huge number of access points that hackers could exploit. The more the organisation’s network grows, the more entry points they have to worry about alongside the other daily worries of remote access software, users connecting unknown devices and more. There are a lot of moving parts for the IT team to think about - IT is dynamic whereas OT is deterministic - which is why a robust network and effective resources are essential.
One of the key differences between the two is the number of gateways to deal with. Because OT systems are designed to act in a particular way, they’re more rigid and predictable than their IT counterparts.
This means there are fewer points of entry for anyone with malicious intent. It’s a little easier to keep track of everything because we’re more certain of where an attack might try to gain access.
It may be common practice that OT systems haven’t been updated because of a business decision. This might be because downtime isn’t available or the business wants to keep hold of a good configuration. Due consideration is also needed before the introduction of IIoT to establish both exposure and risk appetite.
The systems that fall under the OT umbrella control critical parts of the plant infrastructure. They’re expected to run perfectly at all times - no delays or unplanned downtime, only limited maintenance opportunities. This means that in some instances, security measures aren’t introduced because it would mean halting production or could mean the loss of real-time data.
As a result, an increasing number of the HMIs that are currently in use operate outdated and unpatched software which may have limited security controls in place. Any one of them could introduce well-known vulnerabilities to your network. Crucially, the IT side of things isn’t aware that these legacy machines are part of the wider network. This is usually because they’re working independently of team OT and they don’t often venture out onto the plant floor, or don't have visibility of assets from the Security Operations Centre.
Why IT and OT Convergence is Important For Security
It’s thought that around half of UK businesses are currently vulnerable to OT cyberattacks. Meanwhile, OT threats are on the rise and are more common than ever before.
The rise of connected devices has left many organisations with more and more devices to manage on their networks. It’s difficult to manage these growing environments and this makes a hacker’s life a whole lot easier. To combat these threats and protect your business, it’s crucial that IT is kept in the loop with all things security, allowing them to effectively monitor all devices.
Any OT device or system connected to networks that have a lower trust level need to be effectively protected with similar robust measures to the IT side. Security should be a priority for all aspects of the business, a higher focus should be around critical assets, network gateways and especially safety systems.
Working within an established framework allows you to identify what good working practice looks like. If the IT team isn't working within these frameworks, then the OT side shouldn’t follow suit. These frameworks are well established and regularly updated to match industry changes in thought and approach.
Consider anything that OT has been issued with to improve productivity and reduce downtime. Are they secure? Are those operating the systems as aware as their IT counterparts about the IT risks that may affect OT systems?
Over 70% of respondents to our recent survey stated that a lack of cybersecurity skills is the main inhibitor when it comes to deploying IIoT and cloud technologies within the OT sphere.
For your business to be protected, it’s vital that everyone receives the training necessary to implement new technologies while still ensuring they meet strict security criteria. Staff need to understand what they’re protecting and what their exposure is. Plus, using security frameworks allows them to identify how to achieve a good level of cyber hygiene. Today’s OT solutions rely heavily on IT infrastructure, increasing the overlap of skills needed for managing the two and further showing just how important it is that IT is involved, or the skills gap is closed within OT.
Aligning IT and OT
Convergence is a crucial yet complicated process. It can’t happen overnight and for it to be a success, there has to be transparency and collaboration. For everything you need to know about IT and OT convergence, download our free handbook today. It’s filled with some of the challenges you might encounter and some best practices to follow.