{"id":17465,"date":"2020-01-16T11:00:18","date_gmt":"2020-01-16T19:00:18","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/01\/16\/news-11201\/"},"modified":"2020-01-16T11:00:18","modified_gmt":"2020-01-16T19:00:18","slug":"news-11201","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/16\/news-11201\/","title":{"rendered":"Is OT security ready for the next wave of cybercrime?"},"content":{"rendered":"

Credit to Author: Christophe Blassiau| Date: Thu, 16 Jan 2020 13:46:02 +0000<\/strong><\/p>\n

Forrester\u2019s Predictions 2020: The Internet of Things<\/em> report<\/a> has an eye-opening forecast on cybercrime for the coming year \u2013 an IoT prediction that demands that we collectively consider how to strengthen OT security.<\/p>\n

We cannot close the door on connectivity\u2019s many benefits. It\u2019s clear that connectivity across people, assets, and systems empowers us to make full use of extracted data to improve operations and processes.<\/span><\/h2>\n

\"\"<\/a> <\/p>\n

 <\/p>\n

This is especially true as the line between IT and OT blurs as companies sync up operations to leverage real-time monitoring, data-driven business models<\/a>, cloud-based and edge analytics, digital twins of industrial processes, a seamless digital ecosystem from shop floor to back-office business processes, and more.<\/p>\n

What are the common risks to OT security?<\/strong><\/span><\/h3>\n

According to the State of Industrial Cybersecurity 2019 report<\/a>, about \u201c70% of companies surveyed consider an attack on their OT\/ICS infrastructure likely.\u201d What are some of the inherent risks to address now before these attacks manifest?<\/p>\n

A wide attack landscape<\/em><\/span><\/h4>\n

Every connected device is associated with an endpoint that hackers could pinpoint to infiltrate and manipulate the entire digital ecosystem. Think about this: today\u2019s smart factories now have hundreds \u2014and even thousands \u2014 of connected sensors. A holistic approach to cybersecurity \u2014 from product security to supply chain protection \u2014 is imperative.<\/p>\n

Legacy infrastructure with aging assets<\/em><\/strong><\/span><\/h4>\n

Many of the systems that control the world\u2019s most critical operations were installed and<\/p>\n

developed decades ago before the rise of the industrial IoT (IIoT), and they were intended for long-term use. As digitization proliferates rapidly, assessing the risk of legacy systems<\/a> is critical, and an end-to-end cybersecurity plan should address both new and aging systems.<\/p>\n

Targeted attacks on unique weaknesses<\/em><\/strong><\/span><\/h4>\n

Unlike IT attacks, which typically aim for the biggest number of users, OT attacks tend to target a specific weakness within a single target. This approach requires specific paths of protection, as widespread defensive measures such as antiviruses are not commonly applicable or even could incapacitate the device itself. What\u2019s more, disconnecting the affected system often is too complex in factory environments.<\/p>\n

Regular exposure to third-party access<\/em><\/strong><\/span><\/h4>\n

It\u2019s very common for external vendors\/field service engineers to be granted privileges to access OT devices through their own laptops and USB devices, the internet, or fully hosted environments with little control. This broader access poses risk even if there is no inherent malicious intent. The attack surface widens with each connected laptop or thumb drive.<\/p>\n

Securing the OT environment<\/strong><\/span><\/h3>\n

With such nuanced OT risks, it is essential to move from reaction to proactive planning and prevention specifically to strengthen industrial cybersecurity. The risk to uptime and availability and, more urgent, to worker and public safety, is too great to ignore.<\/p>\n

Some recommended steps include the following:<\/p>\n