Cybersecurity breaches targeting industrial systems and assets are becoming regular news. In September, CNET reported that hackers gained direct access to the U.S. power grid. How? Through employee email.
In 2015, Wired demonstrated how it could hack a Jeep through its infotainment system. Ethical hackers took control of the car, including its steering, acceleration and braking systems while it was driving on a highway. Within two days, Jeep recalled 1.4 million cars to address the vulnerability.
IT-OT Convergence Presents Risk
The convergence of informational technology (IT) and operational technology (OT) systems (the world of physical things) presents increasing risk. Many operational technologies are legacy systems that were never meant to be connected to IT environments. This includes manufacturing plants, water treatment facilities, buildings and locomotives that are connected, often with retrofitted equipment.
But cyber incidents don’t have to be inevitable. Companies can take proactive steps to prevent these hacks and act swiftly when they happen through an active approach to cybersecurity that encompasses three key pillars: physical environment, policies and procedures, and analysis of the data itself.
Secure the Physical Environment
A secure physical environment should be table stakes in any organization. One security measure is to install badge readers that authenticate and log users along with an alarm system that would alert appropriate parties to a breach. Critical pieces of infrastructure and hardware must be locked down so an attacker can’t walk onto the property and start tampering with ethernet cords, downloading sensitive information or even going so far as to issue commands.
Another method to secure a physical environment is closed circuit TV (CCTV). Continuously monitoring an environment can detect security breaches as they happen and provide a retrospective source of truth when investigating these incidents. New technology such as vibration sensors add another level of security, recognizing movement that’s indicative of a physical intrusion and immediately alerting security personnel.
Enforce Strong Policies and Procedures
The second pillar is adopting strong policies and procedures that govern how technology is implemented across an organization. Procedures must address all aspects of security from onboarding, to use, to retirement. In the IT space, restricting download privileges to certain software prevents people from bringing malicious software into an environment. In the OT space, how you acquire, maintain inventory and physically and technologically secure an asset is vital to safeguarding operations. This could include physically storing the asset in a secure location, setting user permissions and changing default passwords. These measures must be documented and audited, allowing for precise identification of the source of an attack, should one occur.
Policies and procedures act as a guide for employees in how to address incidents and effectively mitigate and recover from them. Still, organizations sometimes face resistance from employees when developing and enforcing these types of security measures. To help bolster employee support, consider including employees in the creation or review of documentation.
Proactively Use OT Data
Just as IT equipment generates data, so does OT equipment. Using that data to generate insights is the third pillar of OT cyber security. New platforms have the ability to standardize and analyze data from across OT equipment from different OEMs. When that data is combined with world-class data science and predictive analytics, it’s possible to proactively detect incidents before they develop into full-blown catastrophes.
Testing these three pillars regularly ensures ongoing organizational security. One method to do this is to conduct penetration tests or security assessments. These can be conducted internally, but ideally are carried out by a third party that can pressure test assumptions. These teams recon your operating environment, identifying vulnerabilities that could lead to attacks. The team may go as far as to exploit vulnerabilities (pending safety and operational concerns) to demonstrate the potential impact. This exercise enables the team to identify flaws in the physical environment, infrastructure, and policies and procedures, uncovering data that can be monitored on an ongoing basis to prevent incidents. The result is a series of recommendations, prioritized by likelihood and severity, that harden your environment.
With greater connection comes greater risk. While it’s not always possible to upgrade legacy equipment or implement new technology and entirely safeguard from malicious OT attacks, it’s possible to mitigate those risks with a secure physical environment, airtight policies and procedures, and obtaining security insights from OT data.
About Your Guest Blogger:
Mike Petitti leads Uptake’s IT and operational technology cybersecurity business. Prior to Uptake, he worked at Trustwave for more than 14 years in several executive management roles. Most recently, he was SVP of global alliances, responsible for the information security and compliance strategy of the payment services unit serving the largest banks and processors in the industry. Prior to Trustwave, Mike worked at several companies, including Exelon, Occidental Petroleum and J. Walter Thompson. Uptake is a proven, robust predictive analytics SaaS platform delivering products that enable outcomes across industries. Uptake has integrated our unparalleled data science, machine learning and state-of-the-art security with deep industry knowledge to create market-leading solutions worldwide. We focus on outcomes that positively impact the productivity, reliability, safety and cybersecurity of your business – providing the right insight to the right users at the right time.