{"id":18423,"date":"2022-03-03T10:00:38","date_gmt":"2022-03-03T18:00:38","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/03\/news-12156\/"},"modified":"2022-03-03T10:00:38","modified_gmt":"2022-03-03T18:00:38","slug":"news-12156","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/03\/news-12156\/","title":{"rendered":"Secure your OT and IoT devices with Microsoft Defender for IoT and Quzara Cybertorch\u2122"},"content":{"rendered":"

Credit to Author: Lauren Goodwin| Date: Thu, 03 Mar 2022 17:00:00 +0000<\/strong><\/p>\n

This blog post is part of the Microsoft Intelligent\u00a0Security Association\u00a0guest blog series<\/a>.\u00a0Learn more about MISA<\/a>.<\/em><\/p>\n

In recent years, malicious actors have started attacking industrial control systems and key sectors of nations\u2019 critical infrastructure to inflict damage that transcends the cyber world and traditional IT assets. The risk to public safety cannot be overstated, as these types of cyberattacks have real-world potential to inflict harm on humans. These \u201cindustrial control systems\u201d that control the many facets of our nation\u2019s critical infrastructure are more commonly known as operational technology (OT) devices. The same goes for IoT devices and industrial internet of things (IIoT) devices. IoT is the network of physical objects that contain embedded technology to communicate, sense, or interact with the internal or external state of its environment. The public and private sectors have many OT and IoT devices in industries such as defense, power generation, robotics, chemical and pharmaceutical production, oil production, transportation, and mining\u2014to name a few. OT devices are hardware and software that monitor or control physical equipment, assets, and processes\u2014and they are being compromised at an increasing rate.1<\/sup><\/p>\n

Alarmingly, in 2021 there were two incidents of local water treatment plants in the US being a target of cyberattacks. One cyberattack occurred in the San Francisco Bay area in January 20212<\/sup> and another occurred in February 2021 in Oldsmar, Florida.3<\/sup> In the Oldsmar, Florida cyberattack, the malicious actors attempted to increase the amount of sodium hydroxide in the water supply to potentially dangerous levels. Thankfully, the attack was thwarted by a plant supervisor who caught the act in real-time and reverted the changes. These cyberattacks occurred on OT devices used for critical infrastructure at local level, but similar cyberattacks are playing out in the real world on a national level as well.<\/p>\n

On May 7, 2021, Colonial Pipeline, an American oil pipeline system responsible for 45 percent of all fuel consumed on the US East Coast, suffered a ransomware cyberattack that crippled all pipeline operations for about six days.4<\/sup> The aftermath of this attack caused fuel shortages in six US states as well as the US capital, Washington D.C. <\/p>\n

These cyberattacks on OT devices may not be new, but they underscore how dangerous the threat is to our critical infrastructure, as well as how great the risk is to our overall public safety.<\/p>\n

The US government has taken notice of the increased threat against OT systems and has responded accordingly. Per the President\u2019s Executive Order on Improving the Nation\u2019s Cybersecurity issued on May 12, 2021, \u201cThe Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.5<\/sup> The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).\u201d The Quzara CybertorchTM<\/sup> solution, in conjunction with Microsoft Defender for IoT<\/a> and Microsoft Sentinel<\/a>, help agencies meet compliance with various aspects of this executive order. This includes, but is not limited to, providing agencies a means to monitor IT and OT operations and alerts, respond to attempted and actual cyber incidents, and facilitate logging, log retention, and log management. <\/p>\n

With the threat of cyberattacks impacting OT and IoT devices on the rise, it is important now more than ever for national, state, local governments, and their private sector partners to be vigilant in securing their OT and IoT devices that operate or assist critical infrastructure.<\/p>\n

The current state of cybersecurity in OT and IoT environments<\/h2>\n

While it is encouraging that the US Government is giving greater emphasis to secure OT and IoT infrastructure, they and private corporations with OT and IoT devices face an uphill battle. This is because many OT and IoT environments use outdated (and therefore, unsecure) operating systems and software. A comprehensive report from CyberX (acquired by Microsoft) in June 2020 titled Global IoT and ICS Risk Report<\/a> was compiled based on data gathered from 1,821 production OT and IoT networks<\/strong> using passive, agentless monitoring with patented deep packet inspection (DPI) and network traffic analysis (NTA) algorithms. These production networks spanned diverse IoT and ICS systems\u2014including robotics, refrigeration, chemical, and pharmaceutical production, power generation, oil production, transportation, mining, and building management systems (heating, ventilation, and air conditioning (HVAC), closed-circuit television (CCTV), and more). These are the findings in the report:<\/p>\n