How to navigate modern challenges in OT cybersecurity

Courtesy: Chris Vavra

OT cybersecurity insights

  • Protecting critical OT infrastructure requires holistic plans, worker education, and vigilance due to increasing cybersecurity risks.
  • Cybersecurity attacks stem from network complexity, technology gaps, and training deficiencies, necessitating improved IT/OT integration and workforce expertise.
  • Overcoming cybersecurity threats involves fostering a strong cybersecurity culture, implementing best practices, and utilizing advanced techniques like secure remote access and intrusion detection systems.

As operational technology (OT) becomes increasingly interconnected and susceptible to cybersecurity threats, safeguarding critical infrastructure has become more important than ever before. In today’s digital landscape, where technology advancements enable greater efficiency but also introduce new vulnerabilities, organizations must adopt holistic strategies and empower their workforce with the knowledge and tools necessary to combat evolving cyber risks effectively.

While greater connectivity is great for business, it also makes cybersecurity attacks a greater threat, said Matt Wiseman, senior product manager at OPSWAT, in his presentation “Safeguarding Removable Media: Unraveling the ICS Attacker’s Playbook” at the ARC Industry Forum in Orlando.

The goal is to improve uptime and prevent downtime by adhering to the latest compliance standards and developing best practices that can withstand the constant threats from attackers.

“It’s quite a challenge to stay on top of these different measures,” he said. “You try to be as protective as possible and prevent infiltration into critical assets.”

The critical assets that make up the OT landscape are an issue because many of them were developed before the internet was a concern. Trying to integrate technology that can be up to 40 or 50 years old with the internet while also making it seamlessly operate with more current technologies and systems is not an easy task, even when the internet is taken out of the equation. While cybersecurity is crucial, Wiseman said, it’s also important to find a solution that doesn’t grind operations to a halt.

Three reasons why cybersecurity attacks happen

With the cybersecurity attack surface widening, companies need to be on their guard. That’s easier said than done, though, with the pace of technology and worker knowledge becoming a major challenge. Wiseman cited three key reasons why cybersecurity attacks happen:

  1. Network complexity: Converging information technology/operational technology (IT/OT) systems is not an easy task to begin with. Adopting the Internet of Things (IoT) has expanded the network attack surface and users have more mandates to comply with than ever before.

  2. Technology gaps: Wiseman said malware has become more sophisticated and is capable of bypassing detection systems. There are also major supply chain vulnerabilities, as well as weak points in insecure devices and weak networks that are vulnerable to hacks.

  3. Training gaps: There’s a lack of practical training for the workers companies do have and a lack of expert workers and support. The need for people well-versed in IT and OT is very high, but there aren’t enough workers to go around.

Overcoming cybersecurity attacks with a better culture, focus

Cybersecurity attacks performed by nation-states in a deliberate act of aggression are a legitimate worry, but Wiseman said they’re less likely to occur.

“The real concern is the innocent employee doing something they didn’t realize was wrong,” he said.

Companies can overcome this by instilling best practices into workers and developing a cybersecurity culture that is consistent and improves the company’s posture over time.

Techniques such as secure remote access and network security visibility with an intrusion detection system (IDS) also can help, but it comes down to the worker and knowing what to look for.



