Taking a holistic approach to cybersecurity across OT and IT

As cybercriminals become more sophisticated, it’s no longer a matter of if an organisation will be attacked, but when. Although most businesses have taken steps to protect themselves from external, internet-based attacks, many have ignored the risks presented by internal technology. Weak links including critical SCADA and ICS present new and attractive ways for cybercriminals to access an organisation’s most critical systems used for producing goods or providing critical industrial services.

Previously air-gapped, these systems are increasingly connected to adjacent business and third-party networks, sometimes via the internet, creating new entry points into the organisation’s entire network. Hackers gaining entry this way can compromise the systems directly or can expand further into the network to steal data or sabotage operations.

There are five key ways engineers can contribute to improved cybersecurity in an age of constant breach potential.

1. Work together to identify and address weak points

The new levels of connectivity applied to OT mean all team members need to thoroughly understand the risks posed by OT and ensure these systems are secured with the same vigilance that’s applied to IT systems. Whether this imperative is driven by the engineering team or the IT team, leaving OT systems exposed is no longer an option, so teams need to discuss how the organisation plans to secure OT.

2. Share intelligence

Being a good corporate citizen includes helping other businesses protect themselves against cybercriminals. Helping each other can deliver a kind of herd immunity. Sharing threat intelligence and learning from each other is just common sense.

At the same time, it’s important to work closely with corporate IT teams, who can help with increased visibility across the corporate network. Working together, the OT and IT teams can uncover any best practice approaches that will help improve the overall security posture of the organisation.

3. Consider automation

Cyber-physical attacks are increasing and even ransomware can be dangerous in industrial environments. Last year’s WannaCry ransomware caused downtime in some manufacturing plants, leading to lost productivity. This could potentially have been avoided using ICS-specific automated threat response (ATR) technologies.

ATR technologies take a predefined action to contain or prevent attacks identified by behavioural analytics and artificial intelligence. The goal is to automate the process of detection and implement an equally automated and closed-loop process of prevention. This not only reduces the burden on security teams but also shortens the response time.

Full automation may not yet be possible in OT environments where the risk of causing downtime or safety issues means manual intervention may still be required. However, in some circumstances, automation can dramatically improve protection. For example, if an automated system detects unusual commands from a pre-existing host, it can automatically limit its access until a security team member can investigate the activity.

4. Improve employee engagement and awareness

Security starts with every employee, so it’s crucial to ensure all team members are aware of their responsibilities and the risks they face. This must include developing and communicating clear security policies that people understand and can comply with. Education must be ongoing, with frequent reminders and even drills to keep security top of mind for all employees. Since human error is often at the root of successful cyber attacks, it stands to reason that arming team members with strong security knowledge and processes can dramatically reduce this risk.

5. Unifying the security platform between IT and OT

Instead of trying to utilise different firewall products across IT, OT and industrial cloud, organisations should consider adopting a common and flexible firewall technology that can be applied across the entire enterprise from environmentally harsh/controlled industrial automation networks, virtualised public and private clouds for OT, and corporate IT. When security is centrally managed, the security team can see the entire attack surface of a business, providing greater knowledge about potential risk exposure. In addition, OPEX costs can also be dramatically reduced when security teams only have to learn and deal with one technology and approach.

Organisations must also constantly look for ways to further improve their IT and OT security. This includes measures like taking advantage of a contextual threat intelligence service, which helps automate the response process, making it faster and more effective without requiring additional security measures.

It is important to see cybersecurity as a shared responsibility with every member of the team playing a role in keeping the business safe. Many of the systems that engineers have long considered impervious to hackers may now be vulnerable, so it’s crucial to understand where the vulnerabilities lie and how to protect them.

*Del Rodillas is the Global Director of Industrial Cybersecurity for Palo Alto Networks where he looks at automation systems through the lens of cybersecurity. He helps global asset owners across critical infrastructure sectors understand cybersecurity best practices and technologies in order to prevent successful cyber attacks while keeping uptime and safety high.

Image: ©stock.adobe.com/Olivier Le Moal