According to a recent survey of executives at critical infrastructure organizations, 57 percent believe they lack appropriate controls to protect their environments from security threats.
The findings underscore the challenges industrial organizations face, compared to businesses that only need to protect IT networks. A whopping 35 percent of respondents said they have little visibility into the current state of security within their OT environments, while 23 percent reported they have no visibility. From a risk perspective, 63 percent claimed that insider threats and misconfigurations are their biggest security concerns.
Industrial threats are no longer hypothetical. Recently, the United States Emergency Readiness Team issued an alert, Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. The alert noted that since March 2016 Russian government cyber actors have targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including aviation, energy, nuclear, and water.
The alert details the Russian government’s actions in the DragonFly 2.0 campaign of 2017, in which hackers infiltrated energy facilities in North America and Europe and escalated operations, possibly signaling a shift from intelligence gathering to industrial sabotage.
Since most of the critical infrastructure in the United States is owned and managed by the private sector, the question being raised is who is responsible. While most are making investments to secure their IT environments, many have failed to address threats to operational technology networks.
Lack of IT-Grade Controls
Industrial control systems (ICSs) are both the backbone and the Achilles’ heel of every nation’s critical infrastructure. If compromised, they can cause widespread hardship, environmental and even physical damage. Compared to their IT counterparts, operational networks pose very different security challenges.
For example, programmable logic controllers (PLCs), the dedicated industrial computers that make logic-based decisions to manage industrial processes, were not designed with any built-in security. If a PLC is the victim of a cyber-attack (one that alters the logic or disables the unit), the effects could be catastrophic, physically and financially.
Another huge challenge for managers of operational networks is trying to do what IT managers take for granted — monitor the network activity, and indicators of compromise.
Purpose-Built OT Security is Needed
The lack of visibility and control in ICS networks exposes industrial processes and critical infrastructures to undue risk. In order to prevent unauthorized process changes and protect against insider threats, external attacks or even human error, specialized monitoring and control technologies are required.
Comprehensive, real-time visibility into the control-plane activities of industrial networks is vital for security. It provides the ability to detect engineering changes made to industrial controllers either over the network or via local connections on the devices. Such monitoring is the most effective way to detect threats and unintended modifications.
Specialized OT-specific technologies are needed to address these challenges. Fortunately, solutions that can identify suspicious or malicious activity and take preventative action to limit or prevent damage are emerging.