OT-IT convergence challenges that increase cyber risk
The ever-expanding overlap between information technology (IT) and operational technology (OT) networks is forcing many organisations to reassess and improve their cybersecurity. With legacy OT devices now reachable from the internet, and new attacks built specifically for them, protection of industrial control system (ICS) networks is commanding board-level attention.
The reality is that the failure of an ICS network controlling critical infrastructure such as an electricity grid, oil rig or emergency response service could have catastrophic results. This is why organisations running converged OT and IT environments need to understand where the risks come from and prepare for them.
With the increase in convergence between OT and IT, new risks are emerging that can have major impacts on Australian and New Zealand companies, particularly for critical national infrastructure providers. Urgent, proactive strategies are needed to ensure OT cybersecurity develops to the same maturity as IT cybersecurity.
At Forescout we have identified unique challenges that OT-IT convergence is creating for critical infrastructure companies.
Firstly, there is an increase in cyber threats targeting OT/ICS networks. The presence of newer, IP-connected devices in OT networks exposes the organisations that use them to internet-based threats. Many companies are also using third-party vendors as a cost-effective alternative to onsite staff to patch, update and repair their systems. Unfortunately, the protocols used for that remote access can themselves be vulnerable, as was seen recently with BlueKeep (CVE-2019-0708), a pre-authentication flaw in Microsoft's Remote Desktop Protocol (RDP) service, and adversaries can use such a flaw to gain a foothold on the corporate network and pivot from there to OT devices. In November 2019, Shodan.io showed over 40,000 internet-facing systems with the RDP port (3389/TCP) exposed.
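A practical check that follows from this point is whether a remote-access endpoint still accepts a connection before any authentication happens. For RDP that means asking the server, in its own negotiation step, whether it will fall back to legacy "standard RDP security" instead of requiring Network Level Authentication (NLA), which is the setting that closes the unauthenticated code path BlueKeep-class exploits rely on (it is a mitigation, not a replacement for patching). The script below is an added example written for this article, not Forescout's code or Microsoft's; it follows the X.224 Connection Request and Connection Confirm layouts from MS-RDPBCGR, builds the client request, parses the server's reply, and classifies the result. The server replies used at the bottom are constructed byte strings, not captures from any real host, and the host name in `probe()` is a placeholder.

```python
"""Check whether an RDP endpoint still accepts legacy 'standard RDP security',
i.e. a session that starts without Network Level Authentication (NLA).

Added example for this article, not Forescout's code. Packet layouts follow
MS-RDPBCGR 2.2.1.1 (X.224 Connection Request) and 2.2.1.2 (Connection Confirm).
"""
import socket
import struct

# requestedProtocols / selectedProtocol values (MS-RDPBCGR 2.2.1.1.1)
PROTOCOL_RDP = 0x00000000     # legacy standard RDP security, no NLA
PROTOCOL_SSL = 0x00000001     # TLS
PROTOCOL_HYBRID = 0x00000002  # CredSSP, i.e. NLA

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols: int) -> bytes:
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ."""
    # RDP_NEG_REQ: type=1, flags=0, length=8, requestedProtocols (little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR TPDU body: code 0xE0, DST-REF, SRC-REF, class option
    body = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = bytes([len(body)]) + body                     # LI prefix
    # TPKT header: version 3, reserved, total length (big-endian)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Parse the server's X.224 Connection Confirm and its rdpNegData."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed response")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match payload")
    if data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm (0xD0)")
    neg = data[11:19]
    if len(neg) < 8:
        # No rdpNegData at all: the server does not negotiate security and
        # will simply continue with standard RDP security.
        return {"selected_protocol": PROTOCOL_RDP, "failure": None}
    typ, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad rdpNegData length")
    if typ == TYPE_RDP_NEG_RSP:
        return {"selected_protocol": value, "failure": None}
    if typ == TYPE_RDP_NEG_FAILURE:
        return {"selected_protocol": None,
                "failure": FAILURE_CODES.get(value, f"UNKNOWN_{value}")}
    raise ValueError(f"unexpected rdpNegData type {typ:#x}")


def classify(reply: dict) -> str:
    """Verdict for a reply to a request that offered only PROTOCOL_RDP."""
    if reply["failure"] == "HYBRID_REQUIRED_BY_SERVER":
        return "nla_required"           # authentication happens before the session
    if reply["failure"] == "SSL_REQUIRED_BY_SERVER":
        return "tls_required_no_nla"    # TLS alone still reaches pre-auth code
    if reply["selected_protocol"] == PROTOCOL_RDP:
        return "legacy_rdp_accepted"    # worst case: unauthenticated legacy path
    return "unexpected"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-PDU")
        buf += chunk
    return buf


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Live check: offer only legacy security and see what the server answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        header = _recv_exact(sock, 4)
        total = struct.unpack(">H", header[2:4])[0]
        reply = parse_connection_confirm(header + _recv_exact(sock, total - 4))
        return classify(reply)


if __name__ == "__main__":
    # Constructed server replies for offline demonstration (not real captures).
    nla_required = bytes.fromhex("030000130ed000001234000300080005000000")
    legacy_ok = bytes.fromhex("030000130ed000001234000200080000000000")
    print(classify(parse_connection_confirm(nla_required)))  # nla_required
    print(classify(parse_connection_confirm(legacy_ok)))     # legacy_rdp_accepted
    # Live use against an address you are authorised to test (placeholder host):
    # print(probe("jump-host.example.internal"))
```

The request deliberately offers only `PROTOCOL_RDP`: a server that answers with `RDP_NEG_RSP` selecting that protocol, or with no negotiation data at all, will start a session before any credential is checked, which is exactly the exposure a vendor remote-access host into an OT network must not have. A `HYBRID_REQUIRED_BY_SERVER` failure is the answer you want to see; a `SSL_REQUIRED_BY_SERVER` failure means TLS is enforced but NLA is not, and the pre-authentication surface remains.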
Secondly, the Internet of Things (IoT) explosion is having an impact. As the scale and diversity of IoT devices grow, monitoring and controlling them should become a critical focus of an organisation's cybersecurity plans, along with eliminating poor security practices such as unencrypted traffic and default or weak credentials left in place.
We are also seeing an increasing workload for security operations teams. The mounting pressure to bulk up OT cybersecurity has resulted in security leaders at many critical infrastructure organisations investing sizeable amounts of money into the latest and greatest cybersecurity tools. This has led to organisations using many disparate tools that force them to manually analyse yet more data, when they should be starting with maximising the value from tools they already have. Obtaining the capability to unify visibility and control for OT and IT networks into one interface can help reduce the burden of piecing together security and operational alerts from separate tools.
Compliance requirements are also becoming more complex. To achieve compliance, many organisations rely on manual processes, sending staff to perform site visits and map assets as best they can, then compiling that data for their reports. These efforts are costly, labour-intensive, tedious and error-prone, and the risk of being fined for non-compliance remains relatively high. Organisations should consider automating their asset inventory and management, as well as the reporting required for audits, which can reduce the compliance burden.
By taking simple steps to understand how their OT and IT networks interoperate, organisations can manage the risks to their OT infrastructure holistically. Many challenges have arisen from the convergence of IT and OT, and taking precautions can help minimise the potential for disruption.