For most companies these days, IT security is a prime concern.
Organisations of all sizes, across all sectors, have made it a priority, enforcing strict protocols and company-wide trainings to protect their systems, their employees, and their customers. No matter the industry, the risks of cyber-attacks on IT systems are well-known and the dangers understood.
What’s less talked about is the risk of attacks on critical operational technology (OT), particularly in the systems that power our civil infrastructure, including oil and gas pipelines and other essential resources in the energy sector. A single attack could paralyse operations and negatively impact millions of users. Take, for example, the ransomware attack on the Colonial Pipeline in May, 2021, which led to the shutdown of the entire pipeline and resulted in higher prices and fuel shortages across the East Coast of the U.S. This attack not only harmed the company, but it also had a detrimental impact on millions of customers.
Yet, despite instances like this, cybersecurity in OT continues to lag behind IT security in terms of maturity and focus. The main reason for this trend is that while IT operators generally prioritise cybersecurity, followed by system availability and safety, the OT approach has historically been the opposite, instead prioritising safety and uptime with cybersecurity coming in third. This is due in large part to the fact that OT systems are often managed by engineers who are focused on ensuring the functionality and safety of the systems, versus the cybersecurity professionals of the IT world who tend to prioritise addressing the cyber threat landscape. Additionally, historically OT systems have been designed with less need to be connected to networks. As the digital agenda continues to evolve, this has changed.
Changing Landscape, Increasing Risk
Infrastructure management is changing, and with that change comes heightened risk that must be addressed. Indeed, our critical infrastructure is an attractive target for hackers right now for a few reasons. First, like all industries, the energy sector has increasingly embraced digitalisation and governance by IT systems and welcomed the move toward the smart, automated and connected systems that characterise Industry 4.0. While this move is beneficial for many reasons, it naturally creates more attack vectors for hackers and brings with it a host of new cybersecurity challenges. System interconnectivity, increased big data collection, and the use of AI technology to bypass human intervention have all become the norm in the sector, and while these moves help promote smooth operations and quick issue response, they also increase the number of network vulnerabilities.
Additionally, the improved connectivity of Industry 4.0 allows for operators to provide technical assistance from a distance, a huge convenience and time saver in many respects, but also another possible breach point. Lastly, while not new, the distributed nature of OT systems in the energy sector is a considerable risk factor. Elements like offshore rigs, remote unmanned facilities and connection with multiple vendors’ networks add to the vulnerability of these systems. Considering these factors, as well as the continuing increase in sophistication and frequency of cyber-attacks, the writing is on the wall: infrastructure OT operators must rethink their management priorities and put cybersecurity front and centre.
Safeguarding OT Operations
So, how can OT system operators protect their networks against cyber-attacks? The first step is to ensure they have a current, holistic view of the entire network. Complete, uninterrupted network visibility is critical for effective OT management, to ensure that any abnormalities can be identified quickly, no matter where they occur. Additionally, if an issue is discovered, operators must have the tools at hand to quickly pinpoint what or who is threatening the network. The ability to glean this basic information helps managers understand the severity of the risk and how much of the network has been compromised, which allows them to assess the issue and prioritise it appropriately.
Network modelling is another important step that can help operators stay prepared and react quickly in the case of an attack. This means creating a model of the company’s entire OT network, including network topology, device properties, possible vulnerabilities, potential attack vectors and more. This model, or digital image, not only aids in providing overall network visibility, but it can also be used to simulate breaches and attacks, which helps evaluate the effectiveness of current security measures and identify areas of vulnerability where more protection may be needed. From the simulation data, companies can then produce an ROI-optimised OT security plan that helps them act quickly in the case of emergency. They can also generate a prioritised list of attack mitigation measures that can help strengthen the entire network and prevent attacks in the first place.
Perhaps the most important step that OT managers can take to thwart attacks is to ensure continuous network monitoring. Complete, always-on, real-time monitoring is a crucial long-term security measure that all OT operators should prioritise. Over time, infrastructure networks grow and evolve, and new components get added. It’s critical that monitoring systems evolve as well, adapting to network changes to enable constant threat identification and mitigation throughout every inch of the system. This always-on vigilance is an OT operator’s first line of defence against a potentially devastating cyber- attack and should be a number one priority.
With cyber threats continuing to make headlines and attacks becoming increasingly sophisticated, critical infrastructure managers must make OT cybersecurity a top priority. There’s no denying that physical safety and system uptime are important operational priorities, but cybersecurity must be given equal attention. OT operators that fail to focus on cybersecurity measures leave themselves vulnerable to attacks that could not only paralyse operations but could have a long-lasting detrimental impact on numerous areas of civil life. OT operators throughout the energy and infrastructure space must act now to ensure a safe and secure future, not only for their organisations but for millions of consumers the world over.
About the Author
John Allen is strategic pharma consultant at Radiflow. We believe there should be no compromise on ICS or OT security. You don’t want to realize the importance of cybersecurity after the fact. We believe that you can’t protect what you can’t see, and you can’t manage what you don’t know. Radiflow is on a mission to take the guesswork out of OT security.
Featured image: ©Alexander Limbach