The Case for Investment into Cybersecurity 

In an era of increasingly frequent and sophisticated cyber threats, any single defensive approach can be defeated. To be fully guarded, a secured network must incorporate several different components.

A cyber-attack on an exposed OT Network is a looming security risk with potentially devastating consequences including extended production downtime, system reformatting and possible hardware replacement. Part 1 of this 2-part blog series helps the reader to understand both the challenge of securing the network as well as the urgent need to do so. Part 2 of the series discusses most of the OT network components and structuring strategies that collectively build a zero-trust network architecture. The goal is to be sufficiently resilient to remain in operation in the midst of an attack. 

The OT network comprises a variety of interconnected devices.

The Operational Technology (OT) space on a plant floor is a highly complex network environment with characteristics distinct from those of its Information Technology (IT) network cousin. The space has traditionally been used in a limited manner, connecting local devices that communicate with each other for production purposes and little else. While these devices may be of varying ages and vulnerabilities, as a group their network use patterns are similar, and distinct from typical IT network traffic. Devices on an OT network are generally set up to run all the time, requiring very reliable and continuous communication as they control and coordinate the manufacturing process. Their lifespan is typically longer than that of IT devices, which means that supporting legacy and aging devices is often a requirement.

Greater Data Visibility Comes with the Increased Risk of a Cyber Attack 

In recent years, there has been a push for greater data connectivity and visibility from the production floor all the way to management. This need defines digital transformation: data originating from the production floor now serves purposes far beyond the locally connected devices.

  • It is used to analyze efficiencies and to look for weaknesses and bottlenecks in production flow.
  • It provides better insight for business decisions.
  • In the other direction, external data, such as firmware upgrades, must find its way to manufacturing equipment.

This change in data use patterns requires joining the OT and IT networks within a production environment. To accommodate this evolution, the OT network's breadth and visibility have expanded. With that expansion comes increased exposure to potential cyber threats targeting all types of connected manufacturing equipment.

Making the Case for Cybersecurity 

Cyber criminals have been increasingly targeting the manufacturing sector for the past several years. The growth of data compromise within this sector is staggering, moving from 70 attacks in 2020, to 222 in 2021, to 249 in 2022. Between 2019 and 2023, the average cost of a data breach in the industrial manufacturing industry was found to be approximately 4.5 million dollars.  

When a breach is successful, attackers will often demand money in exchange for returning the data. Because the attackers have no proven track record, the victim company is forced to make the difficult decision of either paying off the criminals in the hope that its data will be returned, or leaving it all behind and rebuilding from the attack. Both are difficult, expensive options with severe consequences.

The case for securing an OT Network within a production environment can be considered by asking oneself the following questions: 

  • If a ransomware attack occurred tomorrow, and compromised all backups, how much of a problem is that for you? 
  • If you had to format your entire system and replace some hardware to return to normal operation, what would be the consequence? 
  • Do you have security insurance? Would you like to reduce the premiums by implementing some well-known industry standard solutions?

An IT-OT Assessment: Getting Started with Protecting the OT Network 

Protecting an OT network begins with fully understanding the current network topology as well as the layout and credentials of the devices that currently communicate on it. An IT/OT assessment, done by experienced system integrators, will provide this detailed inventory of the current state of a company’s network and devices. Vulnerabilities will be identified; defensive and offensive approaches to dealing with cyber threats can then be considered. 

Continual Verification – the Basics of the Zero-Trust Approach to Security 

To combat the ever-increasing complexity of cyber-attacks, a multi-pronged, offensive, and defensive approach must be taken. The “zero-trust” strategy has been around for a while but has recently gained attention from OT security practitioners looking to apply the approach to their networks. It is nearly the inverse of the approach normally implemented within an OT network, which assumes a “safe zone” and primarily defends that zone at its perimeter.

In contrast, zero-trust is a cybersecurity strategy in which:

  • No initial or continual trust is assumed for any device attempting to access the OT network.
  • Full identification and credentialing occur on a continual basis.
  • Traffic monitoring is continual, access is limited, and no safe perimeter is assumed.
  • A collection of network components and software solutions is required, each doing its own task, that collectively keeps the network secure.
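
The difference between the perimeter model and the zero-trust rules listed above can be seen in a short Python example, added here and not part of the original post. The device names, addresses, credential-expiry field and allowed flows are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PLANT_SUBNET = ip_network("10.20.0.0/16")   # constructed "safe zone" address range

@dataclass(frozen=True)
class Device:
    device_id: str
    cred_expires: int   # epoch seconds; identity must be re-proven after this time

# Constructed inventory of the kind an IT/OT assessment produces.
INVENTORY = {
    "hmi-01": Device("hmi-01", cred_expires=2_000),
    "eng-laptop-07": Device("eng-laptop-07", cred_expires=1_000),
}

# Explicit allow-list of (source device, destination, port); anything else is denied.
ALLOWED_FLOWS = {
    ("hmi-01", "plc-line3", 502),            # HMI polls the PLC over Modbus/TCP
    ("eng-laptop-07", "plc-line3", 44818),   # engineering station, EtherNet/IP
}

# Constructed requests: (device_id, source IP, destination, port).
REQUESTS = [
    ("hmi-01", "10.20.1.5", "plc-line3", 502),
    ("hmi-01", "10.20.1.5", "plc-line3", 44818),
    ("eng-laptop-07", "10.20.4.9", "plc-line3", 44818),
    ("rogue-cam", "10.20.9.9", "plc-line3", 502),
]

def perimeter_allows(src_ip):
    """Safe-zone model: anything already inside the plant subnet is trusted."""
    return ip_address(src_ip) in PLANT_SUBNET

def zero_trust_decision(device_id, src_ip, dst, port, now):
    """Judge each request on its own; src_ip is deliberately never a reason to allow."""
    device = INVENTORY.get(device_id)
    if device is None:
        return (False, "unknown device")
    if now >= device.cred_expires:
        return (False, "credential expired, re-authentication required")
    if (device_id, dst, port) not in ALLOWED_FLOWS:
        return (False, "flow not on allow-list")
    return (True, "allowed")

def audit(requests, now):
    """Return (request, perimeter verdict, zero-trust verdict, reason) per request."""
    return [(r, perimeter_allows(r[1]), *zero_trust_decision(*r, now=now))
            for r in requests]

if __name__ == "__main__":
    for row in audit(REQUESTS, now=1_500):
        print(row)
```

All four requests originate inside the plant subnet, so the perimeter check accepts every one of them, while the per-request check accepts only the first.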

To begin the process of protecting an OT network, organizations should consider conducting an IT-OT assessment to identify vulnerabilities and then consider the process of implementing the zero-trust OT network architecture. 

The second part of this blog series breaks down and discusses the specific devices needed to adequately implement this architecture so that the OT network is effectively monitored and defended from cyber-attacks.   
