What’s threatening your OT network and how to protect it?
A digital transformation in industrial environments usually involves converging IT and OT networks. But these super networks are exposed to a growing range of cyber threats that use the Internet to infiltrate businesses. Here’s why your OT network might be vulnerable and how you can protect yourself against attacks.
Why is the threat growing?
There are four main reasons why we’re seeing cyber threats target OT networks.
1 - Increasingly complex systems
With the digital transformation, businesses have made their systems more complex. They’ve added more production equipment to their OT networks along with tons of sensors as they adopt the Internet of Things (IoT). Processes that were previously isolated are now increasingly connected to one another. This interdependence means that a failure or attack in one area can have repercussions elsewhere in the company.
2 - Increasingly open systems and networks
Many companies are having to open their systems to customer-facing interfaces and, either directly or through electronic markets, adjust production volumes and product characteristics to demand—and all this in real time.
In addition, over the years, closed network architectures like LAN and TCP/IP have been replaced by more open Internet-enabled alternatives. This makes it easier to infiltrate companies virtually.
3 - The use of standard equipment and software
In an attempt to keep things simpler, faster and cheaper, companies are increasingly opting for out-of-the-box IT products instead of custom items. Since these products are distributed in large volumes worldwide, they have attracted the attention of hackers from all four corners of the planet. Once they detect a vulnerability in a product, everyone who uses that product is suddenly at risk.
4 - Increased data exchange
Today’s companies are systematically collecting data to monitor a product’s manufacturing process and sometimes even its entire lifecycle. This has dramatically increased the volume and criticality of the data that circulates in-house and in external environments. As a result, businesses have more digital assets they need to protect and industrial companies face serious cybersecurity risks.
Most attacks happen through the Internet
In its 2019 Global ICS & IIoT Risk Report, CyberX analyzed the traffic captured for some 850 industrial control systems (ICSs) and found that 40% had at least one direct Internet connection and 16% had at least one WiFi access point. Internet access exposes industrial systems to new types of attacks.
At least, that’s what security software provider Kaspersky believes. The company collects data anonymously from clients who consent to sharing their information for statistical purposes. According to the data analysis presented in its Threat Landscape for Industrial Automation Systems (H2 2018) report, Kaspersky successfully prevented malicious activities in 41% of ICSs connected to the Kaspersky Security Network. Two out of every five networks were targeted. North America was less affected than other regions, but the average attack rate on this continent seems to be between 15% and 25%.
Globally, the main channels used by attackers were:
- The Internet — Used in 26% of ICS attacks;
- Removable peripheral devices (e.g., USB key) — Used in 8% of ICS attacks;
- Email — Used in 5% of ICS attacks.
5 ways to prevent cyberattacks
You’re not powerless against cyber criminals, spies and hackers. Here are five things you can do to protect your OT network in the era of Internet and wireless connectivity.
1 - Set firm rules for physically accessing equipment
Your first line of defense is controlling what happens on the floor and limiting who gets physical access to your equipment. In addition to establishing strict controls for production equipment, you also need to apply the same rules to the network equipment that supports your OT and IT networks. Concretely, this involves restricting access to certain rooms and cabinets through the use of keys, codes, cards or biometric recognition.
2 - Limit logical access to production equipment
Network access control (NAC) offers a detailed, dynamic and personalized way to manage who has the right to connect to which devices and under which conditions. This option is already popular for IT and can be highly effective for OT networks.
3 - Make sure your network is properly segmented
When integrating your IT and OT, you have to respect each network’s specific features. The best way to successfully converge the two is to carefully segment the IT/OT network to keep it secure and efficient.
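One way to check that segmentation holds in practice, as an added example that is not part of the original article: this Python code audits flow records against a zone plan and flags OT hosts that talk directly to addresses outside the plan (which includes the Internet) or cross into IT without going through a permitted conduit. The subnets, the DMZ zone, the allowed conduits and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumed addressing, not from the article).
ZONES = {
    "ot": [ipaddress.ip_network("10.20.0.0/16")],
    "dmz": [ipaddress.ip_network("10.30.0.0/24")],
    "it": [ipaddress.ip_network("10.10.0.0/16")],
}
# Assumed permitted conduits: (source zone, destination zone, destination port).
ALLOWED = {
    ("ot", "dmz", 443),  # historian replication to the industrial DMZ
    ("it", "dmz", 443),  # business users read data from the DMZ
}

def zone_of(addr):
    """Return the zone of an address, or 'external' if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "external"  # anything unplanned, including Internet addresses

def audit(flows):
    """Return findings for OT flows that cross a zone boundary without a conduit."""
    findings = []
    for src, dst, port in flows:
        s, d = zone_of(src), zone_of(dst)
        if s == d or (s, d, port) in ALLOWED:
            continue  # intra-zone traffic or an approved conduit
        if "ot" not in (s, d):
            continue  # this audit only covers flows that touch the OT zone
        if "external" in (s, d):
            kind = "OT to external (possible direct Internet connection)"
        else:
            kind = "OT boundary crossing outside a conduit"
        findings.append((kind, src, dst, port))
    return findings

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.1.20", 502),   # PLC to HMI inside OT: same zone
    ("10.20.1.30", "10.30.0.5", 443),    # historian to DMZ: permitted conduit
    ("10.20.1.15", "203.0.113.50", 80),  # PLC to an address outside the plan
    ("10.10.4.7", "10.20.1.15", 502),    # office PC straight to a PLC
    ("10.10.4.7", "10.30.0.5", 443),     # office PC to DMZ: permitted conduit
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```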
4 - Promote unified network management
A growing OT network needs a lot of attention and frequent interventions. A unified network management system is a great way to centralize actions, keep equipment secure and control access.
5 - Secure your WiFi networks
Enabling wireless communications for your OT networks opens the door to unique security challenges. However, there are things you can do to prevent WiFi connectivity from putting your company’s OT network at risk.
At NOVIPRO, our experts are familiar with industrial security and business continuity needs. Do you need to secure your network and decrease the risk of an unforeseen incident? Contact us today.
Read the next article in this series: How to manage access to your OT network.