The ongoing convergence of IT and OT infrastructure is putting pressure on organizations to reevaluate their cybersecurity practices, and the current remote operation model makes immediate action even more important.
According to the recently released results from Claroty’s Global State of Industrial Cybersecurity report, 63% of U.S. IT security professionals expect a major cyberattack will hit our critical infrastructure within the next five years. The biggest contributing factor? A lack of emphasis on OT security.
When digging deeper into the stats, it is clear that security professionals recognize the need. Specifically:
- 51% of industry practitioners in the U.S. believe that today’s industrial networks lack proper safeguards, while another 55% believe that U.S. critical infrastructure is vulnerable to a cyberattack;
- 56% of U.S. IT security professionals think hacking would be the most prevalent type of cyberattack on industrial networks in 2020;
- 87% of U.S. IT security professionals believe that the government is responsible for properly protecting critical infrastructure from cyberattacks, indicating how crucial it is for CISOs and IT teams to understand the importance of OT security and its impact.
Manufacturers are among the most aggressive adopters of IT/OT convergence, Dave Weinstein, CSO of Claroty, tells IndustryWeek. “This means connecting their factories at high rates and relying on remote access in lieu of boots on the ground for maintenance and other operational needs,” he says. “There should be a large focus on uptime, as they can't afford a cyber incident that risks bringing production to a costly halt.”
According to Weinstein, manufacturers in spaces such as food and beverage, automotive and pharmaceuticals are experiencing more heightened levels of cyber risk. “They’re among the most serious when it comes to maturing their OT security posture,” he says. “Manufacturing and the energy sector, namely oil and gas and electric utilities, should continue to be extremely proactive about addressing these emerging cyber risks, many of which relate to their growing dependence on remote access and a rising threat profile.”
Organizations running industrial networks can take several steps to better protect themselves against cyberattacks, including monitoring all remote connections, implementing privileged access control, enforcing multi-factor authentication, and maintaining consistent and stringent audit and compliance practices, explains Weinstein:
- Monitor remote connections: Organizations should take special care over these next several months to monitor remote connections, even the seemingly unimportant or inconsequential ones. “This means having the capability to observe remote sessions in real-time, actively manage user access requests based on purpose, length, and frequency and terminate sessions with the click of a button,” says Weinstein. “Doing so will markedly reduce the risk of both internal and external exploitation, including third parties, without introducing costly or burdensome barriers to productivity.”
- Establish privileged access control: As reliance on remote connectivity intensifies, manufacturers should define and enforce granular access permissions for all remote users, especially those with privileged access. “For industrial organizations, access control policies should reflect a layered network defense model (e.g. the Purdue model) to mitigate lateral movement in the event of a compromise and protect the most sensitive and critical process control assets,” he says.
- Scrutinize authentication practices: One of the biggest risks associated with the rapid adoption of remote access operations is the use, sharing and management of passwords. “If possible, organizations should seek to limit if not eliminate the use of passwords for third party users by requiring administrator approval for all remote access sessions,” he says. “In other cases, businesses and governments should take advantage of password vaulting technology and always enforce multi-factor authentication to protect against account compromises.”
- Maintain auditing and compliance standards: Even though this period of flexible workplace arrangements will come to an end as the effect of COVID-19 eventually wanes, it is important to maintain consistent and stringent audit requirements for remote access for the duration of its impact. “Opportunistic hackers will undoubtedly attempt to take advantage of this opportunity to gain and maintain persistent access to critical networks,” says Weinstein. “Despite organizations’ best efforts, some will be successful. For this reason, organizations should be keen to capture and document all remote access session activity and credential usage to meet compliance requirements and facilitate any future forensic analysis.”
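The four recommendations above can be checked mechanically against remote-access session records. The following is an added example, not code from the article or from Claroty; the record fields, role names, Purdue-level limits, and four-hour session cap are all assumptions chosen for illustration, and the sample sessions are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values for illustration; tune to your own environment.
MAX_SESSION = timedelta(hours=4)
LOWEST_LEVEL = {"vendor": 3, "operator": 2, "engineer": 1}  # deepest Purdue level per role

@dataclass
class Session:
    user: str
    role: str
    third_party: bool
    target_level: int          # Purdue level of the asset reached
    purpose: str
    start: datetime
    end: datetime
    mfa: bool
    approved_by: Optional[str]
    recorded: bool

def audit(s: Session) -> list:
    findings = []
    if not s.purpose.strip():
        findings.append("no stated purpose")
    if s.end - s.start > MAX_SESSION:
        findings.append("exceeds maximum session length")
    # Unknown roles get no access below the enterprise zone (default deny).
    if s.target_level < LOWEST_LEVEL.get(s.role, 4):
        findings.append(f"role '{s.role}' reached Purdue level {s.target_level}")
    if not s.mfa:
        findings.append("no multi-factor authentication")
    if s.third_party and not s.approved_by:
        findings.append("third-party session without administrator approval")
    if not s.recorded:
        findings.append("session activity not captured")
    return findings

def audit_all(sessions):
    return {s.user: f for s in sessions if (f := audit(s))}

T0 = datetime(2020, 4, 1, 8, 0)  # constructed sample data
SESSIONS = [
    Session("alice", "engineer", False, 1, "PLC firmware update", T0, T0 + timedelta(hours=2), True, None, True),
    Session("acme-support", "vendor", True, 1, "", T0, T0 + timedelta(hours=9), False, None, False),
]

if __name__ == "__main__":
    for user, findings in audit_all(SESSIONS).items():
        print(user, "->", "; ".join(findings))
```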