OT Security
Operational Technology (OT) refers to systems used to monitor and control industrial operations. Industrial Control Systems (ICS) include systems used to monitor and control industrial processes.
Supervisory Control and Data Acquisition (SCADA) systems are used to control and automate industrial processes. SCADA systems include:
Supervisory computers: the servers used to manage the process, gathering data on it and communicating with field devices (PLC/RTU). In smaller deployments the HMI is embedded in a single computer; in larger deployments the HMI is installed on a dedicated computer.
Programmable Logic Controllers (PLC): digital computers used mainly for automating industrial processes. They are used to continuously monitor sensors (input) and make decisions controlling devices (output).
Remote Terminal Units (RTU): nowadays the functionality of RTUs and PLCs overlaps. RTUs are usually preferred for telemetry over a wider geographical area, whereas PLCs are better suited to local control.
Communication network: the network connecting all SCADA components (Ethernet, serial, telephone, radio, cellular...). Network failures do not necessarily have a negative impact on the plant process. Both RTUs and PLCs should be designed to operate autonomously, using the last instruction given by the supervisory system.
Human Machine Interface (HMI): displays a digitized representation of the plant. Operators can interact with the plant issuing commands using mouse, keyboards or touch screens. Operators can make supervisory decisions adjusting or overriding the normal plant behavior.
In short and simple words:
Industries are managed by sophisticated, mission critical computers (SCADA systems);
Security is not the first priority in OT/ICS;
Operators can manually override the behavior of the plant via mouse/keyboard/touchscreen, locally or remotely;
Malicious software can override the behavior of the plant just as the HMI does.
OT security:
OT security is a high-priority task for every organization to meet market demand and plant availability. Due to the low visibility of assets, OT security management can be difficult for organizations. Fortunately, there are steps that can be taken to reduce the high-level risks. An effective security program can be achieved with the correct knowledge and careful planning and implementation.
According to the 2020 Global IoT/ICS Risk Report, 71% of these networks have outdated operating systems that are no longer receiving security updates, 64% are using insecure passwords, and 66% are not updated with the latest antivirus updates. This presents the following problems:
Direct Internet Connections: Most organizations have direct connections to the public internet. It is common knowledge that only one internet-connected device is enough to provide a gateway for attackers to introduce malware into OT networks.
Insecure Passwords: Operators have been using insecure passwords for convenient entry to the networks. This makes it easy for attackers to use brute-force discovery of credentials to gain unauthorized operator access.
Unnecessary Exposure: Many industries have at least one misconfigured wireless access point that many devices such as laptops can access. To prevent malware attacks, access point configurations must be audited to reveal any misconfigurations.
Outdated Operating System: An outdated operating system that no longer receives security updates is extremely vulnerable to security attacks. All machines, including access points, must be inventoried and patched to the latest manufacturer's specifications to prevent compromise.
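The four problems above can be checked mechanically once an asset inventory exists. The following is an added example, not part of the original article: the inventory columns, the sample rows, the internal address ranges and the password-length threshold are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory; column names and values are assumptions.
# 203.0.113.0/24 is a documentation range standing in for a public address.
INVENTORY_CSV = """\
name,ip,os,os_support_end,pw_min_len,lockout,wifi_security
hmi-01,10.20.1.15,Windows 7,2020-01-14,6,off,
plc-gw-02,203.0.113.40,vendor-linux 4.2,2026-12-31,14,on,
ap-floor-3,10.20.9.2,vendor-fw 2.1,2027-06-30,14,on,open
eng-ws-04,10.20.1.30,Windows 10,2025-10-14,14,on,
"""

# Anything outside these ranges is treated as directly internet-addressable.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK_WIFI = {"open", "wep"}   # no encryption, or encryption known to be broken
MIN_PW_LEN = 12               # assumed policy threshold


def audit_asset(row, today):
    """Return the list of findings for one inventory row."""
    findings = []
    addr = ipaddress.ip_address(row["ip"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("direct-internet-connection")
    # Short passwords or no lockout leave the account open to brute force.
    if int(row["pw_min_len"]) < MIN_PW_LEN or row["lockout"] != "on":
        findings.append("insecure-passwords")
    if row["wifi_security"].lower() in WEAK_WIFI:
        findings.append("unnecessary-exposure")
    if date.fromisoformat(row["os_support_end"]) < today:
        findings.append("outdated-os")
    return findings


def audit_inventory(csv_text, today):
    """Audit every asset; return (name, findings) pairs, worst first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["name"], audit_asset(r, today)) for r in rows]
    return sorted(results, key=lambda item: len(item[1]), reverse=True)


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV, date(2024, 1, 1)):
        print(f"{name:12} {', '.join(findings) or 'no findings'}")
```

Passing the audit date as a parameter keeps the result reproducible; an asset with no findings today can gain one when its operating system passes its end-of-support date.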
The reasons for these issues, according to a study done by Deloitte on smart factories, are:
IT and OT are out of sync. A divergence between IT and OT strategies and a lack of communication lead to friction between two departments that have very different objectives, which often leaves the organization vulnerable to exploits.
False sense of security. Adding technologies without a clear strategy is unlikely to be sufficient to secure business-critical systems. Therefore, a comprehensive 360 strategy is required to examine all digital assets and processes and make sure they are truly secure.
In general, what manufacturers mostly invest in is monitoring solutions:
While 90 percent of manufacturers surveyed report capabilities to detect cyber events, very few companies today have extended monitoring into their OT environments. And fewer than half of manufacturers surveyed have performed cybersecurity assessments within the past six months.
Whereas (according to the report) the main priorities in bridging these issues are:
Perform a cybersecurity maturity assessment.
Establish a formal cybersecurity governance program that considers OT.
Prioritize actions based on risk profiles.
Build in security.
Even so, these are very general guidelines and pain points that are often met in such environments. In cybersecurity there are no "one size fits all" solutions. Each system has its unique demands, and each factory engages in digitization at its own rate and budget. Thus securing such investments requires examination by a team of dedicated professionals and a strategy tailored to the system's needs.
CyberHub offers a wide range of experts and teams available per project and on a permanent basis. We have several teams of experts with OT project experience. Contact us for a consultation.