8 steps to defend against foreign and hidden threats in industrial operations

Courtesy: Brett Sayles

Recent announcements of federal agencies obtaining warrants to breach private industry networks represent an unsettling shift in cybersecurity tactics. The goal is to root out sophisticated malware and other foreign attacks against vulnerabilities in operational technology (OT) infrastructure supporting critical manufacturing, energy, transportation and other industrial operations.

OT networks on plant floors have unique cyber risks compared to traditional information technology (IT) systems. They still employ legacy hardware and software that predominantly lacks monitoring and defenses found in corporate environments.

“On the plant floor, you’re not getting any CIS (cybersecurity information system) log data being pumped up when somebody’s making a change to a PLC (programmable logic controller) or when a new asset comes online. It’s invisible for the majority,” explains Dino Busalachi, CTO and co-founder of Velta Technology. “Without visibility, threats go undetected as production takes priority over security.”

Risks to industrial operations and infrastructure

The federal spotlight shows even large global companies underestimate the dangers of foreign access to OT. When addressing recent high-profile breaches, the FBI has stated that it is taking this step because the organizations being targeted are not sophisticated enough to defend themselves. According to the FBI, attackers include state-sponsored groups out of China and Russia penetrating critical infrastructure worldwide on a daily basis. Yet most businesses focus solely on hardening IT networks around the perimeter.

Within production facilities and supply chains, numerous vulnerabilities enable intrusion: unpatched Windows systems, unauthorized remote access, insecure third-party connections and more.

“Bad actors are going after assets in the hands of people that aren’t cybersecurity professionals,” says Busalachi.

Groups like facilities management rarely consider cyber risks to building systems that regulate manufacturing environments, which officials note are prime targets.

Legacy hardware intensifies exposure. Predatory malware now infects basic networking components like routers and switches to stealthily disrupt operations. Attackers exploit the ongoing maintenance access that equipment vendors hold into industrial control systems. With remote connectivity spanning the globe, insufficient identity management makes it impossible to know who is accessing a given facility behind the scenes, when and why. Manipulated field devices can catastrophically fail without forewarning.

The possibility of government agents scanning OT networks introduces further uncertainty for manufacturing organizations and critical infrastructure operators. Well-intentioned intervention may unintentionally crash production lines, given the complexity and unfamiliarity of outside agencies with unique technological constraints. Organizations must now grapple with state-sponsored threats along with collateral business impacts from defensive responses.

IT-centric initiatives around cybersecurity falter in addressing pervasive risks on the plant floor. Differing priorities stall progress as operational managers focus on uptime and output.

“What metrics do you have at the executive level to say my plant and perimeter are secure?” asks Jim Cook, COO of Velta Technology.

Indeed, firms struggle to move the needle even after major attacks lead to substantial financial damages. Limited visibility and control breed chronic vulnerability to intrusions by our own agencies and adversary nations alike.

Actions to protect industrial control systems

Industrial firms must recognize escalating cyber perils, regardless of their infrastructure’s perceived criticality. Though federal agencies concentrate on sectors like energy and transportation, hackers evaluate a wider range of soft targets that show technological weaknesses.

All companies should reframe internal conversations to prioritize threats to their operational environments. What persistent security gaps exist around production? What business risks manifest from undiscovered malware in critical automation systems? Addressing these tough questions constitutes the first step to manage foreign cyber risks targeting the very foundations of private and public industries.

Below are key actions organizations can take to better protect themselves against threats targeting industrial operations:

  1. Gain complete visibility of all assets and activity on OT networks through robust monitoring and logging. This enables identifying unauthorized access attempts, insecure practices, malicious behaviors, etc.
  2. Implement strict remote access controls using multifactor authentication, virtual private networking, privileged account management and network micro-segmentation around sensitive assets. Review all current vendor or third-party connections.
  3. Establish a plan and patch or replace operating systems, software applications and legacy hardware to the extent possible to reduce attack surfaces exploiting well-known vulnerabilities.
  4. Develop robust cybersecurity policies addressing control system environments alongside thorough cybersecurity awareness education for OT engineers on modern adversaries and tactics.
  5. Conduct cybersecurity simulations with both IT and OT teams to ensure you have an internal understanding of risk and an incident response plan in the event of a cyber breach.
  6. Incorporate cyber risks to the integrity of automation processes into operational risk management frameworks and resilience planning.
  7. Explore innovative monitoring solutions that can generate alerts on anomalous behavior by engineering workstations, HMIs, robotics, sensors or the network itself that indicates threat activity.
  8. Engage independent industrial cybersecurity expertise to evaluate current exposures and readiness compared against leading practices. Leverage findings to shape a strategic roadmap addressing governance gaps.
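Steps 1, 2 and 7 (visibility, controlled access and anomaly alerting) become concrete once plant traffic is captured and checked against a baseline. The following is an added example, not code from the article or from Velta Technology: a small detector that reads constructed passive-capture records from a hypothetical plant network, maintains an asset baseline, and raises the kinds of alerts Busalachi describes as invisible today: a new device appearing, a PLC logic write from a host that is not an approved engineering workstation, and an approved write that happens outside the maintenance window. All IP addresses, operation names and the maintenance window are assumptions for illustration.

```python
"""Added example (not from the original article): baseline-driven OT event monitor.

Input records are constructed, space-separated lines of the form
    <ISO timestamp> <src ip> <dst ip> <operation>
as a passive OT sensor or a span-port capture parser might emit them.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Iterable

# Hypothetical asset baseline: addresses already known on the plant network.
KNOWN_ASSETS = {
    "10.20.1.10": "PLC-Line1",
    "10.20.1.11": "PLC-Line2",
    "10.20.1.50": "EWS-01",   # engineering workstation
    "10.20.1.60": "HMI-01",
}

# Only these hosts may download logic or write registers to a PLC (assumption).
ALLOWED_PROGRAMMERS = {"10.20.1.50"}

# Hypothetical approved maintenance window for PLC changes, local time.
MAINTENANCE_WINDOW = (time(22, 0), time(23, 59))

# Operation names that change PLC logic or process state (illustrative labels).
PLC_WRITE_OPS = {"s7_download", "modbus_write_register", "logix_program_write"}

# Constructed sample events for a single shift.
EVENTS = [
    "2024-03-04T09:12:03 10.20.1.50 10.20.1.10 s7_read",
    "2024-03-04T09:13:10 10.20.1.50 10.20.1.10 s7_download",          # approved host, wrong time
    "2024-03-04T09:20:44 10.20.1.77 10.20.1.11 modbus_write_register", # unknown host writes to PLC
    "2024-03-04T09:22:00 10.20.1.60 10.20.1.10 modbus_read_coils",
    "2024-03-04T22:30:00 10.20.1.50 10.20.1.11 s7_download",          # approved host, in window
]


@dataclass(frozen=True)
class Alert:
    rule: str
    ts: str
    src: str
    dst: str
    op: str


def in_window(t: time, window: tuple) -> bool:
    """True when t falls inside the inclusive (start, end) window."""
    start, end = window
    return start <= t <= end


def analyze(events: Iterable[str], known_assets, allowed_programmers, window) -> list:
    """Return alerts for new assets, unauthorized PLC writes and out-of-window writes."""
    alerts = []
    seen_unknown = set()  # report each unknown address once, not per packet
    for line in events:
        ts, src, dst, op = line.split()
        t = datetime.fromisoformat(ts).time()

        # Step 1: visibility. Any address outside the baseline is a new asset.
        for addr in (src, dst):
            if addr not in known_assets and addr not in seen_unknown:
                seen_unknown.add(addr)
                alerts.append(Alert("NEW_ASSET", ts, src, dst, op))

        # Steps 2 and 7: who is changing PLC logic, and when.
        if op in PLC_WRITE_OPS:
            if src not in allowed_programmers:
                alerts.append(Alert("UNAUTHORIZED_PLC_WRITE", ts, src, dst, op))
            elif not in_window(t, window):
                alerts.append(Alert("PLC_WRITE_OUTSIDE_WINDOW", ts, src, dst, op))
    return alerts


if __name__ == "__main__":
    for a in analyze(EVENTS, KNOWN_ASSETS, ALLOWED_PROGRAMMERS, MAINTENANCE_WINDOW):
        print(f"{a.ts} {a.rule:<25} {a.src} -> {a.dst} ({a.op})")
```

The baseline is the important part: the rules are trivial, but they only work if the plant already knows which addresses are its assets and which workstations are permitted to program controllers, which is exactly the inventory most plant floors lack. In practice the event source would be a passive OT sensor feeding a SIEM, and the maintenance window would come from the change-control system rather than a constant.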

The combination of increased visibility, controlled access, system hardening, risk-aware cultures, resilience preparation, advanced monitoring and specialized security guidance helps position your organization to combat rising threats targeting essential yet vulnerable production systems.

Stay proactive versus putting your organization in a position of being reactive. Take steps now to get safer sooner.
