Trends and expectations for OT security in 2023
Rachid Groeneveld, Security consultant
Industrial organisations are constantly exploring and adopting new opportunities to take advantage of IT innovations in their operational technology (OT). OT and IT are increasingly intertwined to reap the benefits of modern technology and gain a competitive advantage. The fusion of IT and OT brings interconnected systems and data analytics, supervisory control and data acquisition (SCADA), industrial control systems (ICS), the Industrial Internet of Things (IIoT), and smart sensors to company and manufacturing processes.
The flipside of connecting operational technology to external networks is the increase in attacks on OT environments and systems. With the benefits of increased efficiency and shared data come mounting OT security risks to the infrastructure. This means that OT security should be an important part of your security landscape. This article explores the most important trends and expectations for OT security in 2023.
What is OT security?
Before we take a look at the most important and pressing OT security trends for 2023, we should define what OT security is. OT security is the full stack of hardware and software used to monitor, detect and control changes to devices, processes and events. OT security is commonly used to protect industrial systems and networks from cyberattacks. Operational technology security is necessary to protect and control critical infrastructures such as power stations, transportation networks, water distribution systems, and smart city appliances.
The most important OT security trends for 2023
Now that we know what OT security is and why it is of the utmost importance in modern industrial, production and manufacturing environments, let us delve a little deeper into the five major OT security trends for 2023.
1. Increasingly digitised operational environments
Operational environments (SCADA is a good example) are becoming increasingly digitised and more inclusive of IoT technologies. In the past, a malware infection would usually only impact a company’s administrative network. The interconnected and digital transformation of networks and operational environments now makes them all open to risk. This trend can increase a company’s downtime, but also has the grave potential to compromise the physical safety of employees in the workplace. Tech observers even notice a shift amongst threat actors away from financial services to the manufacturing industry.
2. From business interruptions to physical harm
Causing business interruptions used to be the main goal of malware and cyberattacks. But the spillover from malware and cybercrime from IT into the domain of OT has broadened and shifted the scope of cyberattacks. Nowadays, attackers regularly focus on causing physical harm to companies or even nation-states by targeting companies or facilities that deliver essential services and utilities (raw materials, energy and water, infrastructure, finance).
Cyberattackers are already using operational technology environments as weapons, and such attacks can be successful enough to cause human casualties. The Russia-Ukraine war and the increasing political tensions between China, Taiwan and the United States only exacerbate the geopolitical threats OT systems face.
Following the start of the Russia-Ukraine war, there has been a significant rise in hacktivism (politically or ideologically motivated hacking and cybercrime). It’s likely that these attacks will further increase and evolve in 2023. Researchers found that out of a total of 57,116 DDoS attacks discovered in the third quarter of 2022, the majority appeared to be politically motivated. In the coming year, we can expect to see military groups around the world increasingly rely on expert hackers to attack other nations’ critical infrastructure and private business operations.
3. The expansion of IoT and more DDoS bot attacks
By 2025, there will be approximately 25 billion IoT connections worldwide. Many companies already have different kinds of IoT technologies connected to their network, including passive RFID, real-time location tracking, GPS tracking, security sensors, grid sensors, and condition sensors. These devices use a wide range of communications protocols, including Wi-Fi, cellular systems (CDMA/GPRS/4G), mesh networks, telematics, and near-field communications (NFC). This rapid accumulation of IoT devices in OT environments increases the threat of large-scale DDoS botnet attacks, since many IoT devices lack built-in security measures.
4. Governments and companies get fully committed to reducing OT security risks
Operational technology has long been one of the most targeted and lowest-prioritised technology areas. OT is low-hanging fruit for attacks and is so ingrained in the critical infrastructure systems that organisations are struggling to keep up with the pace of change in cybersecurity. In the light of growing OT security threats, governments and companies are expected to crank up their OT security in 2023.
More and more companies are recognising the importance of building a dedicated culture of IT and OT security. A growing number will look to invest in extensively training their end users to better detect OT and IT security threats. Organisations will also increasingly look to reassess their training programs. This strategy allows users to get familiar with the bribery and extortion tactics associated with the latest social engineering schemes. The US government and European Union are also busy bolstering IT and OT security through new regulations and the promotion of custom-made detection, scanning and security tools.
5. Outsourcing OT security
Since the breadth, complexity and frequency of cybersecurity risks increase by the day, organisations have a huge demand for skilled and experienced IT talent. But these people are in short supply. As the talent shortage continues to grow, a growing number of organisations will consider alternatives such as outsourcing the management of core cybersecurity functions such as OT security.
Collateral damage and supply chain risks
The above-mentioned trends are mainly direct threats, but it is also possible that organisations become victims as a result of collateral damage. Consequences of cyber-attacks on OT security can often be unintended and the methods are often imprecise. This leaves a big risk for collateral damage. When a cyber-attack takes place on one company, it may affect others in the process. You might think that your information is unimportant or unattractive to cybercriminals, but this is often not the case. Don't underestimate the desirability of your data!
There are several potential risks to OT systems that are associated with the supply chain. A supply chain incident happens when the components that make up the OT system are compromised. A well-known example of a supply chain attack was the SolarWinds attack. Attackers compromised the servers of a software company that sells network management tools, so that the updates it pushed to customers carried malicious code, which in turn gave the attackers a foothold in those customers' systems.
Challenges with OT security
At Nomios we understand that OT has very different life cycles from IT: machines in OT last 15-25 years and are regularly controlled by applications running on, for example, Windows XP. These machines often cannot be updated, because the manufacturer then no longer guarantees the operation of the machine (which can cost hundreds of thousands to millions).
So instead of patching, we need to secure these OT environments in another way. How? That depends on your situation. Reach out to us and we'll help you with a secure OT environment.
What can you do to keep operational technology secure?
Now that we have explored the most important OT security trends and threats, it’s time to look at the options that you have when it comes to properly securing your OT environment.
Adopt a zero-trust framework and approach
Zero-trust network access provides controlled identity access and context-aware access to resources, reducing the surface area for attack by hiding applications and resources from public view. It allows you to prevent unauthorised access within application environments irrespective of where they are hosted.
Segmentation and micro-segmentation (dividing your network or IT environment into separate logical and physical components) allow you to isolate critical infrastructure components from production networks, IoT devices and user environments.
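To make the segmentation idea concrete, the following is an added example (not code from the article or from Nomios) of a zone-and-conduit check in the style of IEC 62443: each network range belongs to a zone, only explicitly approved conduits between zones are allowed, and every flow record that does not match an approved conduit is reported. The zone ranges, the conduit allow-list and the flow records are all constructed for illustration and stand in for a real site's firewall policy and connection logs.

```python
"""Zone-and-conduit check for OT network segmentation.

Added example, not code from the article or from Nomios. The zone
address ranges, the allowed conduits and the flow records are all
constructed for illustration; the flow records mimic exported firewall
connection logs.
"""
import ipaddress

# Assumed zone layout: enterprise IT, a DMZ for data exchange, the control
# network with PLCs and HMIs, and a separate safety-system network.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("10.2.0.0/24"),
    "control": ipaddress.ip_network("192.168.10.0/24"),
    "safety": ipaddress.ip_network("192.168.20.0/24"),
}

# Approved conduits as (source zone, destination zone, destination port).
# Everything not listed is denied, which is the zero-trust default.
ALLOWED_CONDUITS = {
    ("enterprise", "dmz", 443),    # office users reach the historian web UI
    ("dmz", "control", 502),       # DMZ historian polls PLCs over Modbus/TCP
    ("control", "control", 502),   # HMI-to-PLC traffic inside the control zone
    ("safety", "safety", 502),     # safety controllers talk only among themselves
}

# Constructed flow records (source address, destination address, destination port).
SAMPLE_FLOWS = [
    {"src": "10.1.5.20", "dst": "10.2.0.10", "dport": 443},
    {"src": "10.2.0.10", "dst": "192.168.10.15", "dport": 502},
    {"src": "192.168.10.40", "dst": "192.168.10.15", "dport": 502},
    {"src": "10.1.7.44", "dst": "192.168.10.15", "dport": 502},     # IT host straight to a PLC
    {"src": "192.168.10.15", "dst": "192.168.20.5", "dport": 502},  # control zone into safety zone
    {"src": "203.0.113.9", "dst": "192.168.10.30", "dport": 3389},  # external address to control zone
]


def zone_of(address: str) -> str:
    """Map an IP address to its zone name, or 'untrusted' if it matches none."""
    ip = ipaddress.ip_address(address)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "untrusted"


def check_flow(flow: dict) -> tuple:
    """Return (allowed, explanation) for one flow record."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    key = (src_zone, dst_zone, flow["dport"])
    if key in ALLOWED_CONDUITS:
        return True, f"{src_zone} -> {dst_zone}:{flow['dport']} is an approved conduit"
    return False, f"{src_zone} -> {dst_zone}:{flow['dport']} has no approved conduit"


def find_violations(flows: list) -> list:
    """Return the flows that cross zones outside an approved conduit."""
    violations = []
    for flow in flows:
        allowed, reason = check_flow(flow)
        if not allowed:
            violations.append({**flow, "reason": reason})
    return violations


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(f"{v['src']} -> {v['dst']}:{v['dport']}  {v['reason']}")
```

Run against the constructed flows, the three records that go straight from the enterprise network to a PLC, from the control zone into the safety zone, and from an unclassified external address to the control zone are reported; the same logic can be fed from real firewall exports to verify that the configured policy still matches the intended segmentation.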
Asset vulnerability management
Take asset vulnerability management seriously and go further than simple vulnerability scanning. Such an approach should include:
A real-time and continual assessment of vulnerabilities across the entire organisation. This provides you with detailed information on the evolution of OT security threats.
Properly identifying risks for all known vulnerabilities. Focus on the business criticality of certain OT components and corresponding threats to prioritise the most pressing OT security risks.
Apply continual program management of the life cycles of devices and their vulnerabilities.
Use continuous logging and analyse all network traffic with a SIEM. A SIEM is a software solution that aggregates and analyses activity from many different resources across your entire IT infrastructure, allowing you to detect threats and take the appropriate actions to successfully mitigate them.
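The second and third points above (prioritising by business criticality and managing device life cycles) are illustrated by the following added example, which is not code from the article or from Nomios. It takes a small constructed asset inventory with scanner-style severity scores, weights each finding by how critical and how exposed the affected asset is, and separately flags assets whose platform is past vendor support. The VULN-xxxx identifiers, the dates and the weighting factors are placeholders, not real vulnerabilities or a published scoring method.

```python
"""Risk-based prioritisation of OT vulnerabilities.

Added example; not code from the article or from Nomios. The asset
inventory, the VULN-xxxx identifiers, the dates and the weighting
factors are all constructed placeholders.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


@dataclass
class Vuln:
    vuln_id: str             # placeholder identifier, not a real CVE
    severity: float          # CVSS-style base score, 0..10
    exploit_known: bool      # public exploitation reported
    mitigated: bool = False  # compensating control (e.g. isolation) already in place


@dataclass
class Asset:
    name: str
    zone: str
    criticality: int               # business/safety impact, 1 (low) .. 5 (safety-critical)
    exposed: bool                  # reachable from a less trusted zone
    end_of_support: Optional[date] # vendor support end for the platform, if known
    vulns: List[Vuln] = field(default_factory=list)


# Constructed inventory: a safety PLC, an HMI on an out-of-support OS, and a historian.
INVENTORY = [
    Asset("plc_safety_1", "safety", 5, False, None,
          [Vuln("VULN-0001", 7.5, False)]),
    Asset("hmi_line_2", "control", 4, True, date(2014, 4, 8),
          [Vuln("VULN-0002", 9.8, True), Vuln("VULN-0003", 5.3, False, mitigated=True)]),
    Asset("historian_dmz", "dmz", 3, True, None,
          [Vuln("VULN-0004", 6.1, False)]),
]

# Weighting factors are assumptions for this example.
EXPOSURE_FACTOR = 1.5
EXPLOIT_FACTOR = 1.5
MITIGATED_FACTOR = 0.25


def risk_score(asset: Asset, vuln: Vuln) -> float:
    """Scanner severity weighted by what the asset means to the business."""
    score = vuln.severity * asset.criticality
    if asset.exposed:
        score *= EXPOSURE_FACTOR
    if vuln.exploit_known:
        score *= EXPLOIT_FACTOR
    if vuln.mitigated:
        score *= MITIGATED_FACTOR
    return score


def prioritise(assets: List[Asset]) -> list:
    """Return (score, asset name, vuln id) tuples, highest risk first."""
    ranked = [(risk_score(a, v), a.name, v.vuln_id) for a in assets for v in a.vulns]
    return sorted(ranked, reverse=True)


def past_end_of_support(assets: List[Asset], today: date) -> list:
    """Names of assets whose platform is out of vendor support on 'today'."""
    return [a.name for a in assets if a.end_of_support and a.end_of_support < today]


if __name__ == "__main__":
    for score, name, vuln_id in prioritise(INVENTORY):
        print(f"{score:6.1f}  {name:15s} {vuln_id}")
    print("out of support:", past_end_of_support(INVENTORY, date(2023, 1, 1)))
```

Note how the ordering differs from a plain severity sort: the 7.5 finding on the isolated safety PLC ranks above the 6.1 finding on the exposed historian because of the PLC's criticality, and the already-mitigated 5.3 finding drops to the bottom. That is the kind of business-driven prioritisation the list above asks for, and the end-of-support check feeds the life-cycle management point.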
Authentication, identity and access
Implement multi-factor authentication, including biometrics (fingerprint, voice, facial recognition, and more), and privileged identity management (PIM) for administrators. Restrict access to ‘legacy management ports’ and log their use.
Identity and access management (IAM) is also important for OT environments, but not in the same way as we see in IT. Traditional IT security solutions don't quite fit OT environments because they don't understand them. They speak a different language. You first need to understand what your OT environment consists of and how it communicates. In OT environments it is important to create a baseline identifying who should have access to what. And it is important to know how access was given in the past and to whom. Then look for opportunities for standardisation in the current OT IAM processes.
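The baseline idea above (who should have access to what, and how access was granted in the past) can be made checkable. The following is an added example, not code from the article or from Nomios: an agreed baseline of approved (user, asset, role) entries is compared against the access currently configured, and each grant that is outside the baseline, lacks a change record, gives a privileged role to an account without MFA, or has not been reviewed within a set window is reported. The users, assets, CHG-xxxx change references and dates are constructed placeholders.

```python
"""Access baseline check for OT identity and access management.

Added example; not code from the article or from Nomios. The baseline,
the current grants, the MFA enrolment list and the change references
(CHG-xxxx) are all constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Grant:
    user: str
    asset: str
    role: str          # "operator", "engineer" or "admin"
    granted_by: str    # who approved it
    granted_on: date
    ticket: str        # change record; empty string means none was found


# Baseline: who should have access to what, agreed with the plant owner.
BASELINE = {
    ("alice", "hmi_line_2", "operator"),
    ("bob", "plc_safety_1", "engineer"),
    ("carol", "historian_dmz", "admin"),
}

# Access as currently configured, e.g. exported from the jump host (constructed).
CURRENT_GRANTS = [
    Grant("alice", "hmi_line_2", "operator", "ops-manager", date(2021, 3, 2), "CHG-0001"),
    Grant("bob", "plc_safety_1", "engineer", "ot-lead", date(2020, 11, 17), "CHG-0002"),
    Grant("carol", "historian_dmz", "admin", "it-admin", date(2022, 6, 9), "CHG-0003"),
    Grant("dave", "plc_safety_1", "admin", "unknown", date(2016, 1, 4), ""),
    Grant("vendor_svc", "hmi_line_2", "engineer", "vendor", date(2019, 8, 20), "CHG-0004"),
]

MFA_ENROLLED = {"alice", "bob", "carol"}
PRIVILEGED_ROLES = {"engineer", "admin"}


def find_deviations(current, baseline, mfa_enrolled, today, review_days=3 * 365):
    """Return {user: [reasons]} for grants that need attention."""
    findings = defaultdict(list)
    for g in current:
        if (g.user, g.asset, g.role) not in baseline:
            findings[g.user].append(f"{g.role} on {g.asset} is not in the baseline")
        if not g.ticket:
            findings[g.user].append(f"no change record for access to {g.asset}")
        if g.role in PRIVILEGED_ROLES and g.user not in mfa_enrolled:
            findings[g.user].append(f"{g.role} on {g.asset} without MFA")
        if (today - g.granted_on).days > review_days:
            findings[g.user].append(f"access to {g.asset} not reviewed in {review_days} days")
    return dict(findings)


def missing_from_current(current, baseline):
    """Baseline entries with no matching grant (approved access that is not provisioned)."""
    present = {(g.user, g.asset, g.role) for g in current}
    return sorted(baseline - present)


if __name__ == "__main__":
    for user, reasons in find_deviations(CURRENT_GRANTS, BASELINE, MFA_ENROLLED, date(2023, 1, 1)).items():
        for reason in reasons:
            print(f"{user}: {reason}")
    print("approved but not provisioned:", missing_from_current(CURRENT_GRANTS, BASELINE))
```

On the constructed data the three approved users pass, while a legacy admin account with no change record and a vendor service account with a privileged role and no MFA are both reported; the `granted_by` and `ticket` fields are what let you answer the question of how access was given in the past and to whom.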
How Nomios helps
The developments in security and network technology are moving fast. The integration of IT and OT makes safeguarding your OT environment more important, complex and difficult than ever, especially in a time that suffers from a serious shortage of specialised IT personnel.
Nomios possesses the expertise and experience needed to keep your OT environment safe. We help companies design, secure and manage their digital infrastructure, allowing them to grow their business and drive innovation. Would you like to know more about our services and solutions? Then don’t hesitate to get in touch.