Traditionally, OT security was not deemed such a concern for businesses, as OT systems were air-gapped from the Internet and consequently at less risk from external threats. As digital transformation initiatives increased, and OT/IT networks converged, companies recognized the need to protect OT. This meant organizations began to react to single threats with single OT security solutions, resulting in silos and often a confused OT landscape that wasn’t conducive to information-sharing and visibility. This lack of shared information, particularly between departments responsible for IT and OT, made it difficult to monitor a company’s whole attack surface, leaving significant holes in security.
Things are changing, and that is largely due to the pandemic: 94% of Fortune 1,000 companies say they experienced supply chain disruptions from COVID-19. Industrial companies in the Netherlands reported average daily output fell 4% year-on-year in August 2020, the seventh straight month of decline in manufacturing output. Perhaps not surprising given the COVID-19 emergency, but still a concern. Industrial companies now need to both adapt production lines and also drive down costs.
Digital transformation (DX) is the route to those changes, but some industrial companies have found DX slow going. Why is this? Partly because they are typically vast, siloed organizations comprising many different stakeholders. But DX is an enabler in the fightback against COVID-19 disruption, and OT/IT convergence is a key pillar of that.
What’s happening in OT security today?
OT/IT convergence lets industrial companies monitor the flow of raw materials, parts and finished products throughout the entire supply chain. It helps them to manage just-in-time supply chains better. And further, by connecting up factory, production and delivery vehicles, industrial companies can now monitor performance data to carry out remote diagnostics and predictive maintenance, helping increase uptime and boost productivity.
Connected production lines are one example; robots in manufacturing can help deliver great efficiencies, too. But it is essential that while industrial companies should be looking to OT/IT convergence to help drive digital transformation forward at a difficult time, it shouldn’t be done rashly: OT/IT convergence also brings risk.
When OT is connected to the broader networked world, it increases the threat surface and makes security increasingly vital. This is one of the key balancing acts of OT/IT convergence: it delivers greater productivity and reduced costs but also brings a bigger security burden. Cybercriminals have been emboldened and empowered by COVID-19, with more opportunities to exploit working from home (WFH) and get access to virtual private networks (VPNs) or launch phishing attacks at homeworkers.
Other significant threats to OT security include malware and ransomware infiltrating mobile devices and external hardware, such as laptops used externally and even removable media like USB flash drives. Remote management or maintenance of OT equipment by third parties is another attack vector, since it is typically monitored less. Distributed denial of service (DDoS) and IoT botnets can seek to take advantage of the proliferation of different IoT technologies connected to a network. This might mean RFID, real-time location tracking devices and security sensors plus communications protocols like Wi-Fi, CDMA, GPRS, 4G and near-field communications (NFC). Many IoT-connected OT devices still lack built-in security measures, making them potential entry points for botnets to initiate DDoS attacks.
What can you do to enhance OT security?
If your OT is attacked or hacked, it can cause you serious business continuity problems as well as major safety issues, too. OT risks are increased by having large amounts of old, unpatched equipment, by connecting devices to your local area network (LAN), or by your OT devices storing data in the cloud. You can mitigate these risks by taking some basic, practical steps.
OT security solutions that you should put in place range from critical network security controls, like next-generation firewalls (NGFWs), to security information and event management (SIEM) systems to identity access and management. In traditional IT security, employee awareness training is a big factor in helping defend your organization, but it isn’t enough when it comes to OT security. For the aforementioned external laptops and USB drives, for example, your OT security should include: end-user training; giving your IT teams user access management tools, such as privileged access management (PAM); policy enforcement and end-point security controls; plus full encryption capabilities. In addition to this, better visibility of your OT infrastructure is advisable. Orange has a partnership with Cisco on their Cyber Vision solution and provides 24/7 visibility of your estate. This means companies gain a full understanding of their OT technology estates and more control of security policies and are able to monitor security at scale to manage the risks.
To mitigate potential botnet DDoS attacks, it’s advisable to use DDoS protection solutions to reduce the massive traffic volumes being carried over IoT systems. We recommend putting IT and OT firewalls in place as well as processes to audit OT equipment to see when it was last updated or patched. Two-factor authentication, including biometrics and identity and access management (IAM) for all employees, also reduces your degree of risk. Working with a specialist security partner who understands the network and the OT security world can help you understand and implement all these aids with minimum disruption to your business.
Industrial companies must think OT/IT safety and security first
Orange Cyberdefense helps companies conduct threat monitoring and detection thanks to our knowledge of all the challenges involved through our RAMS approach: reliability, availability, maintainability and safety. At the same time, our partnership with leading companies like Nozomi Networks and Cisco helps our customers anticipate OT threats, protect assets, detect breaches and respond to incidents before they become too serious. Industrial companies looking to leverage the benefits of OT/IT convergence need to work with a partner who can do all of this specialized work plus the IT network and security.
Furthermore, according to Fortinet, the best-performing OT security companies put measures in place, like a CISO or CSO responsible for OT security. They are four times more likely to ensure OT activities are centrally visible to security operations teams.
Industrial companies have often been on the receiving end of massive ransomware attacks in recent times: pharmaceutical company Merck reported losing around $870 million, American food and beverage producer Mondelez $188 million and semiconductor manufacturer TSMC in Taiwan $250 million. Manufacturing companies are regularly the most frequently-targeted companies, according to the Smart Factory Study by Deloitte. As Industry 4.0 and IIoT increase, and industrial companies seek to leverage the benefits of IT/OT convergence, the threat landscape will continue to grow. Be prepared for it.
To read more about the growing need for IT/OT convergence within manufacturing and industry and how to make security a cornerstone of it, download this IDC InfoBrief: The Road to Digital Transformation: Enabling OT-IT Convergence.
Dave van Meer is Head of Solutions at Orange Business in Netherlands. He brings 20 years of extensive leadership in the Consulting and Managed Services ICT industries. As in his career, he also values relationships in his private life and is people centric. He loves to spend time with his family and friends. His lifetime hobby and sport is volleyball, on the court and on the beach.