CyberSecurity SEE

Visibility Alone is Insufficient for Securing Operational Technology Systems

Industrial control systems (ICS) and operational technology (OT) networks are increasingly exposed to cyber threats. Gaining visibility into these networks is a logical first step, but visibility by itself does not keep intruders out, stop malware, or prevent downtime: an inventory tells you what is on the network, not whether a command reaching a controller should be allowed. Addressing the growing number of attacks on OT networks requires a solution that also provides real-time protection.

In addition to visibility, OT networks and ICS require a defense-in-depth approach that can detect and block threats as they happen, or before they reach the process. Traditional IT and cloud security solutions are not suited to the unique challenges of OT environments. OT networks often consist of a mix of new and legacy technology, and applications range from oil and gas production to power generation, manufacturing, and building automation. Unlike IT environments, where confidentiality usually comes first, OT environments prioritize availability and process continuity: a control that risks stopping production is often unacceptable even when it would improve security.

The number of cyberattacks on critical infrastructure has been on the rise in recent years. From 2010 to 2020, there were fewer than 20 known cyberattacks on critical infrastructure. However, in 2021 alone, there were more known attacks than in the previous 10 years combined, and this number doubled again in 2022. These attacks have become increasingly sophisticated and brazen, with state-sponsored actors hijacking delivery vehicles and infecting OT cargo.

To effectively protect OT networks, a multi-pronged defense is needed. This defense must go beyond visibility and provide tools to both prevent and respond to threats. Here are some practical steps that can be taken to enhance OT network security:

1. Trust Nothing, Scan Everything: Before any device is connected to the network, all storage media, vendor laptops, refurbished assets, and brand-new assets should be scanned for malware. Portable scanning devices should be stationed at vulnerable locations (plant entrances, maintenance bays) so that scanning is easy and practical for facility and operations managers. These devices should collect and store asset information during every inspection, so that each scan also feeds the asset inventory that visibility and protection strategies depend on.

2. Protect the Endpoints: Deploy software that can detect and prevent unexpected system changes, whether they come from malware, unauthorized access, human error, or device reconfiguration. These solutions should be purpose-built for OT environments and understand the specific OT applications and protocols in use. Proactive protection depends on deep analysis of the read/write commands in those protocols: a read that polls a sensor is routine, while a write that changes a setpoint or a coil is the kind of command that must come from an authorized source.

3. Secure Assets in Production: Availability is crucial in OT security, so OT-native solutions that understand the protocols required to maintain it are recommended. Additionally, measures such as virtual patching (blocking exploit traffic for a known vulnerability at the network layer when the device itself cannot be patched), trust lists (allow lists of which sources may send which commands to which assets), and OT segmentation can be implemented to block intrusions or isolate malicious traffic. Inline physical appliances can detect and block malicious activity without installing anything on the devices they protect, which matters for legacy controllers that cannot run an endpoint agent and cannot be taken offline for patching.
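The following is an added example, written for this page and not code from the original article or from TXOne Networks, showing what the read/write command analysis in step 2 and the trust list in step 3 amount to for one common protocol. It parses Modbus/TCP requests, lets read polls through, and permits write function codes only when the source host, unit ID, function code, and address range all match an allow-list entry; malformed frames are blocked rather than guessed at. The hosts, unit IDs, register ranges, and sample traffic are all constructed for the example; a deployed appliance would source the trust list from the asset inventory built up in step 1.

```python
"""Trust-list filter for Modbus/TCP write commands (added example, hypothetical)."""
import struct
from dataclasses import dataclass

# Function codes that change process state versus those that only observe it.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start: int   # first coil/register address touched
    count: int   # number of coils/registers touched


def parse_request(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request (7-byte MBAP header + PDU), checking every length."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:          # length covers unit id + PDU
        raise ValueError("MBAP length field does not match frame length")
    pdu = frame[7:]
    fc = pdu[0]
    if fc in READ_FUNCTIONS or fc in (0x0F, 0x10):
        if len(pdu) < 5:
            raise ValueError("truncated start address / quantity")
        start, count = struct.unpack(">HH", pdu[1:5])
        if fc in (0x0F, 0x10) and (len(pdu) < 6 or len(pdu) != 6 + pdu[5]):
            raise ValueError("byte count does not match payload")
    elif fc in (0x05, 0x06):
        if len(pdu) != 5:
            raise ValueError("single write must carry address and value")
        start, count = struct.unpack(">H", pdu[1:3])[0], 1
    else:
        raise ValueError(f"function code 0x{fc:02x} is not handled")
    return ModbusRequest(tid, unit, fc, start, count)


@dataclass(frozen=True)
class WriteRule:
    """Which source may send which write functions to which address range on which unit."""
    source_ip: str
    unit_id: int
    functions: frozenset
    first: int
    last: int   # inclusive


# Constructed trust list: only the engineering workstation (hypothetical address)
# may write holding registers 100-199 on unit 1. Everything else is denied.
TRUST_LIST = (WriteRule("10.0.10.5", 1, frozenset({0x06, 0x10}), 100, 199),)


def decide(source_ip: str, frame: bytes) -> tuple[str, str]:
    """Return ('ALLOW' | 'BLOCK', reason) for one request observed inline."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return "BLOCK", f"malformed request: {exc}"
    if req.function in READ_FUNCTIONS:
        return "ALLOW", f"{READ_FUNCTIONS[req.function]} (read-only)"
    last = req.start + req.count - 1
    for rule in TRUST_LIST:
        if (rule.source_ip == source_ip and rule.unit_id == req.unit_id
                and req.function in rule.functions
                and rule.first <= req.start and last <= rule.last):
            return "ALLOW", f"{WRITE_FUNCTIONS[req.function]} {req.start}-{last} trusted"
    return "BLOCK", (f"{WRITE_FUNCTIONS[req.function]} {req.start}-{last} "
                     f"from {source_ip} not on trust list")


def build_request(tid: int, unit: int, fc: int, payload: bytes) -> bytes:
    """Encode a Modbus/TCP request; used here only to construct sample traffic."""
    pdu = bytes([fc]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def run_sample_traffic() -> list[tuple[str, str]]:
    """Constructed sample traffic: HMI poll, legitimate and rogue writes, a truncated frame."""
    ews, hmi, rogue = "10.0.10.5", "10.0.10.20", "10.0.20.77"
    traffic = [
        (hmi,   build_request(1, 1, 0x03, struct.pack(">HH", 0, 10))),        # routine poll
        (ews,   build_request(2, 1, 0x06, struct.pack(">HH", 150, 0x1234))),  # setpoint change
        (rogue, build_request(3, 1, 0x06, struct.pack(">HH", 150, 0))),       # same write, wrong host
        (ews,   build_request(4, 1, 0x10, struct.pack(">HHB", 190, 20, 40) + bytes(40))),  # spills past 199
        (ews,   build_request(5, 1, 0x05, struct.pack(">HH", 7, 0xFF00))),    # coil write not permitted
        (rogue, build_request(6, 1, 0x03, struct.pack(">HH", 0, 10))[:9]),    # truncated on the wire
    ]
    return [decide(src, frame) for src, frame in traffic]


if __name__ == "__main__":
    for verdict, reason in run_sample_traffic():
        print(f"{verdict:5} {reason}")
```

Two design points carry over to real deployments: the range check uses the last address a multi-register write would touch, not just its start, so a write that begins inside the permitted window but runs past it is still blocked; and a frame that fails to parse is dropped rather than forwarded, since an inline device that passes traffic it cannot interpret offers no protection for exactly the malformed input an attacker is likeliest to send.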

Attackers will not stop their efforts, so organizations must remain vigilant. OT environments are attractive targets because they are both hard to patch and high in impact when disrupted. Specialized protection that goes beyond visibility is necessary to prevent attacks proactively. A defense-in-depth approach that combines visibility, proactive prevention, and effective response strategies is essential to protecting OT networks.

About the Author:
Austen Byers, the technical director at TXOne Networks, leads the company’s efforts in providing design, architecture, engineering technical direction, and leadership. With more than 10 years of experience in the cybersecurity space, Byers is a sought-after thought leader in OT digital safety. He has spoken at various industry events, sharing insights into industrial cybersecurity, OT breaches, and strategies to keep assets and environments safe.
