The topic of digital transformation is nothing new. Over the past 20 years, the growth of digital infrastructure and the role of diverse elements of technology, from artificial intelligence to cloud and data, have allowed companies across multiple sectors to drive productivity and progress at a speed never experienced before.
The rate of digital transformation has again increased over the past three years. The pandemic and subsequent impact on global economies have forced companies to seek even greater efficiencies, with technology often being the bedrock of that strategy. At the same time, the cyber security threat landscape has continued to evolve, with cybercriminals using the increasing connectivity across organizations to achieve their nefarious objectives more easily.
One sector that has been a growing focus of targeted cyberattacks has been manufacturing. According to our Security Navigator 2023, the sector is the number one industry for cyber extortion (Cy-X) victim count. One of the key ways that manufacturing differs from other sectors is the widespread use of operational technology (OT), which presents specific kinds of security challenges for a business to overcome.
The National Institute of Standards and Technology (NIST) defines OT as programmable systems or devices that interact with the physical environment, or manage devices that interact with the physical environment. Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms.
So, what might a cyber-attack on an OT system look like? A typical factory may include several robotic arms that have been programmed to pick up objects and move them to a defined area. Those robotic arms are controlled by a programmable logic controller (PLC), which in turn is linked to a supervisory control and data acquisition (SCADA) machine. If an adversary can send a command to the SCADA, they can tell the robot to drop the potentially costly items each time they pick them up, causing significant damage to the manufacturing process.
The most infamous incident to impact a SCADA system was known as Stuxnet, which was discovered in 2010 after it was used to attack a uranium enrichment facility in Iran. More recently, one of the most widely publicised cyber incidents to impact OT was the 2021 attack on the US ‘Colonial Pipeline’. A ransomware attack forced the company to shut down one of the country’s most important oil pipelines. While the OT systems that move the oil were not directly compromised, the pipeline was closed to ensure that the malware did not spread from their IT-hosted billing system. Colonial Pipeline paid DarkSide hackers to get the decryption key, enabling the company's IT staff to regain control of its systems.
Traditionally, OT security within large organizations has been the responsibility of an operational or product manager. However, increasing connectivity, due in part to the growing use of cyber-physical systems connected to the Internet, means that industrial security in the broader sense (OT and XIoT) has become a greater concern for security specialists. According to Fortinet, 95% of organizations expect OT cybersecurity responsibility to shift from directors and managers to CISOs in the next 12 months.
NIST recently published a ‘Guide to Operational Technology (OT) Security’, which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements. At Orange Cyberdefense we have extensive experience in helping organizations implement security solutions across OT and IT environments to enable efficient operations and management.
The following provides a brief overview of how we detect and respond to OT security threats:
- A managed OT service platform supporting a vendor-agnostic approach;
- Continuous passive monitoring of your OT networks to detect threats;
- Creation and management of an operational baseline and policies to detect anomalies;
- Detection of anomalies and threats by dedicated OT security experts;
- Management of events and escalation of qualified security incidents;
- OT threat intelligence for improved detection capabilities;
- Support for the deeper investigation of security incidents;
- Managed threat detection [log] integration for combined OT and IT threat detection, incident investigation and threat hunting;
- On-demand response to security incidents through Managed Firewall.
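To make the "operational baseline" and "passive monitoring" items concrete, here is an added illustration (not Orange Cyberdefense's code or platform) of how a passive sensor can learn which host-to-PLC conversations are normal and then flag deviations, such as an unknown host writing to a controller. Host addresses, the protocol function names and the traffic samples are all constructed for the example.

```python
"""Baseline-and-deviation detection over passively observed OT flows."""
from collections import Counter

# Constructed flow summaries of the kind a passive sensor on a SPAN/TAP port
# would emit: (src, dst, protocol, function). All values are hypothetical.
BASELINE_WINDOW = [
    ("10.1.0.10", "10.1.0.50", "modbus", "read_holding_registers"),
    ("10.1.0.10", "10.1.0.50", "modbus", "write_single_register"),
    ("10.1.0.10", "10.1.0.51", "modbus", "read_holding_registers"),
    ("10.1.0.11", "10.1.0.50", "modbus", "read_coils"),
] * 5  # repeated to mimic a steady learning period

LIVE_WINDOW = [
    ("10.1.0.10", "10.1.0.50", "modbus", "read_holding_registers"),
    ("10.1.0.11", "10.1.0.50", "modbus", "read_coils"),
    ("10.1.0.99", "10.1.0.50", "modbus", "write_single_register"),  # unknown host writing to PLC
    ("10.1.0.11", "10.1.0.50", "modbus", "write_multiple_coils"),   # known host, new write
]

# Functions that change controller state; deviations here rate higher.
WRITE_FUNCTIONS = {"write_single_coil", "write_multiple_coils",
                   "write_single_register", "write_multiple_registers"}


def build_baseline(flows, min_count=2):
    """Learn the set of flow tuples seen at least min_count times during the
    learning window; one-off packets are excluded so a stray event observed
    during learning does not silently become 'normal'."""
    return {t for t, n in Counter(flows).items() if n >= min_count}


def classify(flow, baseline):
    """Return None for a baselined flow, otherwise an alert dict."""
    src, _dst, _proto, func = flow
    if flow in baseline:
        return None
    if not any(t[0] == src for t in baseline):
        return {"flow": flow, "severity": "high", "reason": "unknown host talking to OT asset"}
    if func in WRITE_FUNCTIONS:
        return {"flow": flow, "severity": "high", "reason": "known host issuing a write not in baseline"}
    return {"flow": flow, "severity": "medium", "reason": "new read/query pattern"}


def detect(live_flows, baseline):
    """Run every live flow against the baseline and collect the alerts."""
    return [a for a in (classify(f, baseline) for f in live_flows) if a]
```

In practice the learned baseline is reviewed by the OT engineers before enforcement, since a learning window that already contained an intrusion would bake it into "normal".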