The original version of this article was pulled from Food Engineering featuring Kevin Romer, principal engineer, and Matt Smith, network architect IT/ICS, for E Tech Group.
Cybercriminals Custom-Tailor Their Ransom Demands To Your Budget.
According to the FBI, the three most common IT/OT (operational technology) infection vectors are email phishing campaigns (aka BEC or business email compromise), remote desktop protocol (RDP) and software vulnerabilities. While some hackers may intentionally want to bring down your production systems using the second and third vectors, “we’re only in it for the money” is a far better motive for breaking into your IT/OT systems—and what better way to do it than through the phishing emails scattered among the zillions of emails you get every day. Accidentally clicking on one email link can quickly connect you with ransomware—which can shut down not only your business system but also your production systems, if they’re not protected.
The Role Subpar Control Systems Play in Cyber Attacks
“Once inside an organization, ransomware groups and affiliates will often take advantage of the misconfigurations within an organization’s Active Directory security posture,” says Marty Edwards, Tenable deputy CTO of OT/IoT. “Gaining domain privileges provides attackers with the necessary capabilities to distribute their ransomware payloads across the entire network.”
According to the IBM “X-Force Threat Intelligence Index 2022,” ransomware was the number one attack type in 2021, accounting for 21% of all attacks. According to a 2022 SANS Institute survey, 40.8% of OT/industrial control systems (ICS) compromises came down from business IT systems. To safeguard production systems, manufacturers need to isolate OT from IT systems—or at the very least be able to have a quick disconnect when IT systems are infected.
Secure Automated Systems Require IT/OT Separation
In this article, we look at IT attacks and their potential to spread into OT systems. Unfortunately, OT systems—in and of themselves—are also subject to direct attacks, and we look at methods to remediate potential OT incursions as well as describe some new tools to discover and prevent attacks.
As an aside, cyber insurance may be of some help—at least insurers will make sure before underwriting a policy that a potential insured company is up to speed in cybersecurity training and protection—doing its part to minimize cyberattacks.
According to Kevin Romer, principal engineer IT/ICS at E Tech Group, a CSIA-certified systems integrator, in the OT/ICS infrastructure there are significantly more vectors used to exploit vulnerabilities due to:
- A lack of IT-savvy staff at the operational sites to install and maintain security standards adapted for OT systems
- A significant installed base of aged PLC and drive control equipment—and panel computers, which are multiple firmware versions behind and no longer able to accept updates
- Engineering stations, operator machine interfaces and historian applications running on older operating systems that are no longer supported and cannot run anti-virus software without special provisions
- Control panels with unmanaged switches—the same switches used in a home network—that still have the default login and password
“One of the most common threat vectors to OT would be the phishing emails that inadvertently allow access into the IT system, but if there is an OT laptop or engineering station that is allowed to [access] both IT and OT networks, the breach has a greater potential for gaining access across the infrastructure,” warns E Tech Group’s Romer.
Limiting physical interconnectivity between IT and OT lessens the spread between IT and OT, but unfortunately isn’t always acceptable in management’s quest for Industry 4.0.
Tools to Thwart Cyber Attacks on Your Systems
According to Matt Smith, network architect IT/ICS, E Tech Group, the tools used today to detect new threats or even malicious efforts from inside the company include:
- East/west traffic monitoring
- AI self-learning of network source, destination, application protocol and behavior tracking
- Device categorization traffic normalcy checking
- Communication baselining
Years ago, north and south traffic through firewalls and end point antivirus were the primary tools of the trade. Although of course still used today, they are not the only tools used to monitor traffic, adds Smith. To get an understanding of the best tools for your facility that will shore up your building’s automation system(s), an IT/OT Risk Assessment trumps everything else.
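Communication baselining and east/west monitoring from the list above, shown as an added example that is not from the original article or from E Tech Group: it learns the (source, destination, protocol) conversations seen during a known-good window, then classifies anything new. The zone subnets, addresses, protocol labels and flow records are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed zone subnets (constructed for this example, not from the article).
ZONES = {"IT": ip_network("10.10.0.0/16"), "OT": ip_network("10.20.0.0/16")}

def zone_of(ip):
    """Map an address to its network zone, or EXTERNAL if it matches none."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "EXTERNAL")

def build_baseline(flows):
    """Learn the conversations observed during a known-good window."""
    return {(f["src"], f["dst"], f["proto"]) for f in flows}

def check_flows(baseline, flows):
    """Return one alert per flow that is absent from the baseline."""
    known_peers = defaultdict(set)
    for src, dst, _ in baseline:
        known_peers[src].add(dst)
    alerts = []
    for f in flows:
        if (f["src"], f["dst"], f["proto"]) in baseline:
            continue  # normal, already-seen conversation
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone != dst_zone:
            kind = "cross-zone"    # traffic crossing the IT/OT boundary
        elif f["dst"] not in known_peers[f["src"]]:
            kind = "new-peer"      # east/west: device talks to a new neighbor
        else:
            kind = "new-protocol"  # known pair, unfamiliar application protocol
        alerts.append({"kind": kind, "zones": f"{src_zone}->{dst_zone}", **f})
    return alerts

# Constructed sample flows: HMI, historian and engineering station polling a PLC.
BASELINE_FLOWS = [
    {"src": "10.20.1.10", "dst": "10.20.5.20", "proto": "modbus"},
    {"src": "10.20.1.30", "dst": "10.20.5.20", "proto": "modbus"},
    {"src": "10.20.1.40", "dst": "10.20.5.20", "proto": "ethernet-ip"},
]
OBSERVED_FLOWS = [
    {"src": "10.20.1.10", "dst": "10.20.5.20", "proto": "modbus"},  # baseline
    {"src": "10.20.1.10", "dst": "10.20.1.30", "proto": "smb"},     # HMI to historian
    {"src": "10.10.3.7", "dst": "10.20.1.40", "proto": "rdp"},      # IT host into OT
    {"src": "10.20.1.30", "dst": "10.20.5.20", "proto": "http"},    # new protocol
]
ALERTS = check_flows(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)
```

A perimeter firewall watching only north/south traffic would see at most the third flow; the other two alerts come from monitoring inside the OT zone.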
What is an IT/OT Risk Assessment?
E Tech Group’s IT/OT Risk Assessments can provide a great first step in increasing your cybersecurity measures and protection. A risk assessment includes a thorough audit of a production facility’s control systems and network architecture. A directory and map are generated to offer a visualization and paper trail of the facility’s automated systems as a whole.
A list of potential threats, risks, and end-of-life/obsolescence issues is created, assessed and analyzed by E Tech Group engineers. This allows effective budgeting and planning for recommended remedial work. We use the data we’ve collected and analyzed from the assessment to create mitigation plans according to the client’s goals, resources and time constraints.
Why Are Risk Assessments Important?
An IT/OT Risk Assessment is an invaluable tool for a production facility’s operations, but it’s also a key tool for cybersecurity. Understanding the weak points and blind spots in your current control system architecture informs you on what automation upgrades – whether equipment, panels or software – are immediate needs vs what’s to come in the future. E Tech Group offers clients comprehensive reviews of their systems and a detailed, experienced eye on cyber security as it applies to network architecture and control system design. We can help your facility become a veritable fortress against ransomware attacks and hackers with malicious intentions, integrating and streamlining your production processes at the same time.