
Defending OT Against Cyberattacks in 2023

Jan. 19, 2023
Experts say IT-centric cybersecurity organization may not meet the challenge of this real and growing threat.

The cybersecurity community seems to generally agree that OT, operational technology, requires special considerations. The salient question: Should IT departments handle OT cybersecurity or does cyberdefense of physical assets differ enough from defense of virtual ones to warrant separate OT teams?

IndustryWeek asked our network of cybersecurity experts what OT cyberattacks might look like this year and what trends manufacturers may want to get ahead of.

Don’t Forget About Ukraine

The cybersecurity effects of the ongoing Russia-Ukraine war came up in almost every conversation we had with our experts. Russia plays host to a vibrant hacker community. Now that the West has levied embargoes and otherwise isolated Russia, we can expect that Russian cooperation with law enforcement on cyberattacks will practically end. According to many of our experts, it is therefore worth considering whether this new hackers’ Wild West in Russia ought to cause manufacturers to take cybersecurity even more seriously.

“The number of cyberattacks on global infrastructure doubled between 2021 and 2022 likely due to Russian cyberwarfare against Ukraine and western countries that imposed sanctions. Attacks on oil, gas and chemicals industries rose year-over-year due to their critical involvement in all manufacturing operations,” says Julie Gerdeman, CEO at Everstream.

“With geopolitical changes in the world, we will see an uptick in individual businesses falling victim to nation-state attacks. We can expect the lines to blur between espionage and criminal activity, as information and attack techniques are shared. Loyalists to certain nations will continue to offer cooperation to these international hacking efforts,” says Steve Moore, vice president and chief security strategist at Exabeam.

Ransomware Is Still the Top Cyberthreat

“Ransomware remains the most likely threat to cause disruption in industrial infrastructure environments. Based on our visibility of ransomware events within industrial control system (ICS) environments, manufacturing organizations remain the most frequent target, with 70% of observed ransomware events [in 2022],” says Michael Sakmar, vice president of professional services at Dragos Inc.

“Ransomware will continue to pose significant challenges for industrial infrastructure environments, particularly for those without effective network segmentation between IT and ICS/OT. Ransomware rarely uses novel methods–making the application of key elements of a defensible ICS/OT architecture particularly effective,” Sakmar continues.

“We will see the continuation of ransomware attacks on IT and more infiltration into the OT space. My hope for the new year is that all OT users will develop cybersecurity plans for their facilities. There are exciting possibilities for implementing AI and Edge technologies in the OT space, but security needs to be included in every design decision,” says Kimberly Cornwell, system engineer and member of the cybersecurity tech team with Siemens Digital Industry Factory Automation Division.

“Paying ransoms–which we know is not a guarantee that data will be recovered or restored–can also set organizations up for future attacks. To hedge risks from ransomware attacks and recover from data loss, organizations and individuals should focus on data resiliency and emphasize that everyone (not just IT and cybersecurity staff) back up data with secure encryption,” says Kurt Markley, U.S. managing director at Apricorn.

Be Aware of Threats to Specific Hardware

The U.S. government last year warned about a specific threat to multiple ICS and supervisory control and data acquisition (SCADA) devices, and to specific models of programmable logic controllers (PLCs) manufactured by Schneider Electric and OMRON. More model-specific OT cyberthreats will likely pop up in the future.

Sakmar calls Pipedream, a software toolkit that more easily allows hackers to alter industrial devices once they gain access to an OT network, “an existential threat to the industrial control systems community.”

The nature of the threat lies in Pipedream's ability to specifically target OT running the ubiquitous Codesys v3 automation software for engineering control systems or OPC Unified Architecture (OPC UA) used for machine-to-machine communication for industrial automation. Pipedream, according to Sakmar, can also manipulate servos in the 1S-Series of Omron Servo drives.

“While it cannot target Omron Safety Controllers, this is undoubtedly the next step in its development. We’ve confirmed that the toolkit can achieve logic corruption and manipulation on Codesys v3 and Omron devices,” Sakmar says.

Where to Put Your Cybersecurity Budget

The need to create OT-specific cybersecurity teams forces new choices upon businesses for how to assign cybersecurity budgets. According to our experts, manufacturers may have to embrace the added expense or budgetary reorganization.

“OT cybersecurity gaps have traditionally been kicked down the road or addressed with IT solutions that aren’t equipped to protect OT environments. This year, we’ll see more movement toward an OT-centered approach to cybersecurity. OT security will no longer be seen as part of the IT portfolio, as leaders will begin acknowledging that the two need to be dealt with separately,” says Ian Bramson, global head of industrial cybersecurity at ABS Group.

“As executives become better acquainted with the nuances of OT cyber due to increasing attacks and higher payouts, the idea of calling an IT professional when physical attacks begin to occur will start to look less compelling. Organizations will start to view OT cybersecurity through the industrial lens and begin treating it as a separate risk from IT altogether,” Bramson continues.

“Even with continued spending on cybersecurity services, inflated expenses in the supply chain, a shortage of experienced IT workers, limited resources and tighter budgets could lead to weakened IT security that put OT systems at risk. I predict we could see an increase in data loss events, and cybersecurity breaches as a result, resulting in OT disruption and economic impact on business,” says Apricorn’s Markley.

“An increase in OT cybersecurity budgets will start to go into effect [this year], leaving organizations with the task of deciding how best to spend it: One area that is likely to see an influx of investment is cyber training and programs specifically for those running OT systems. Teaching operators and floor technicians how to monitor for breaches can close the gap between traditional risk management and cybersecurity,” says Ryan Moody, president & CEO at ABS Group.

“To hedge these risks, employee education should be an essential priority in 2023,” Markley agrees.

And when organizing OT cybersecurity teams, don’t make them operate on an island. OT cybersecurity affects the entire manufacturing industry. Cooperation becomes a critical asset in the fight.

“As collaboration in the IT sector remains strong through intelligence sharing and bug bounty programs, we will see collaboration spill over into the operational technology domain. More OT stakeholders, particularly those in critical infrastructure sectors, will realize there is a distinct advantage that comes from sharing intel. In 2023, OT attacks will continue to rise and we will see a collective defense begin to take hold in critical infrastructure,” says Josh Lospinoso, CEO of Shift5.
