For too many years, cybersecurity practitioners focused almost exclusively on the digital world of information technology (IT), leaving operational technology (OT) environments, including industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other critical infrastructure, to be protected by policies of isolation or air-gapping.
Today, growing connectivity between IT and OT systems (often called "IT/OT convergence") and the rapid expansion of remote work mean that isolation is no longer a realistic way to secure OT environments. At the same time, security tools designed for IT use cases often fail to meet OT needs, because they cannot be applied to controllers and legacy equipment without changing or disrupting them. The result is that OT and ICS environments are at their most exposed just as potentially disastrous cyberattacks against them are rapidly increasing in number.
In this blog, based on a recent webinar entitled “Going Beyond SRA: Safely Connecting OT Environments,” we will explore several of the major security challenges facing OT environments and examine how zero-trust access can help overcome them.
Let’s begin with a quick look at the current state of OT security. According to the Fortinet 2023 State of Operational Technology and Cybersecurity Report, 75% of OT organizations experienced a breach in the past 12 months, and 11% reported more than six breaches in the same time frame. Furthermore, 32% of these organizations reported that the intrusion into the OT environment allowed attackers to pivot to an IT environment, suggesting that OT environments provide an easier initial access point for attackers.
This heightened level of attacks is even more alarming when we consider that successful breaches of OT systems and critical infrastructure present dangers beyond monetary losses and reputational damage. When cyberattackers target systems like manufacturing lines, water treatment plants, and oil and gas refineries, the consequences can include physical harm to workers and the communities who depend on these critical services. Research conducted by Waterfall Security found that 35% of OT cyberattacks resulted in physical consequences, leading to a staggering $140 million in damages.
These disturbing statistics clearly indicate that the status quo is largely failing to protect OT environments and the assets within them. At the same time, isolation or air-gapping, which once kept OT systems reasonably safe from outside threats, has become infeasible in our increasingly hyper-connected world. Let's look now at some of the specific threats and challenges industrial enterprises are struggling with.
Third-party vendors and technicians play a crucial role in supporting the day-to-day operations of many, if not most, industrial organizations. In some cases, original equipment manufacturers (OEMs) require their customers to contract maintenance back to them. Third-party contractors also frequently perform firmware updates, process changes, or other key tasks that internal teams may not be trained to complete themselves.
Drawing on outside expertise provides significant value but, at the same time, substantially increases risk. By definition, third parties are not official employees, and they likely have less motivation to adhere to corporate security protocols or follow best practices. Even when vendors do take security seriously, lax access policies and over-permissioning often give them wider access than they actually need. This expands the organizational attack surface and heightens the risk that unauthorized users will find their way inside.
To mitigate these risks, organizations need to prioritize identity and access management (IAM) and role-based access control (RBAC) for everyone who reaches the OT environment. In practice, that means each vendor technician gets an individual identity, access scoped to the specific assets and time window of the job, and session activity that is logged against that identity. By enforcing zero-trust access for all third-party vendors and contractors, organizations can proactively fortify their OT environments against breaches and security incidents.
Generic user accounts present another significant challenge for those working to secure OT environments. Generally created for the sake of convenience, generic accounts are commonly shared among multiple users and make it difficult to attribute actions to specific individuals, especially third-party vendors external to the organization.
This lack of user accountability introduces a serious security risk, as differentiating between legitimate activity and malicious activity becomes nearly impossible until it is too late. Even more worryingly, generic accounts often possess elevated privileges to access critical systems and assets (again, for convenience's sake), rendering them attractive targets for attackers.
Finally, managing and rotating passwords for generic accounts across a complex OT infrastructure is a burdensome endeavor, which often leads to weak passwords that are seldom changed, even when someone who knew them leaves, further heightening the risk.
Virtual private networks (VPNs) and jump servers are two of the most commonly relied upon tools for remotely connecting users (both internal and external) to OT environments. Unfortunately, improper management of these products can introduce dangerous liabilities.
Attackers can exploit vulnerabilities in VPN gateways, as well as weak or stolen credentials, to gain unauthorized access to the network and potentially compromise critical OT systems. Similarly, jump servers, acting as intermediaries for accessing OT assets, become appealing targets for infiltration attempts. A poorly protected jump server is a single point from which an attacker can bypass security controls and move laterally within the environment.
Effectively managing and securing VPN access and jump servers within a sensitive OT infrastructure can prove daunting, and the usual result is misconfigurations, outdated software, or weak authentication. Applying stricter controls, multi-factor authentication (MFA), continuous monitoring of sessions, and zero-trust access policies significantly enhances the security of both VPN access and jump servers.
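As an added example (not code from the original post or from Cyolo's product), the Python script below shows how the two problems discussed above, shared generic accounts and unmonitored jump-server access, surface in access logs, and how a simple detection can catch them: a login to a generic account from a second source address while the first session is still open, and logins that reached an OT asset without MFA. The key=value log format, the account names, the addresses and the SHARED_ACCOUNTS inventory are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Constructed sample jump-server access log (a key=value format chosen for this
# example, not the log format of any particular product). Timestamps are UTC.
SAMPLE_LOG = """\
2024-03-04T08:00:10Z event=login user=oem_maint src=10.1.4.22 target=plc-line1 mfa=yes
2024-03-04T08:00:40Z event=login user=j.doe src=10.1.4.31 target=hmi-line1 mfa=yes
2024-03-04T08:05:00Z event=login user=oem_maint src=203.0.113.9 target=plc-line1 mfa=no
2024-03-04T08:20:00Z event=logout user=oem_maint src=10.1.4.22 target=plc-line1
2024-03-04T08:30:00Z event=logout user=oem_maint src=203.0.113.9 target=plc-line1
2024-03-04T09:00:00Z event=login user=oem_maint src=10.1.4.22 target=plc-line2 mfa=yes
2024-03-04T09:10:00Z event=logout user=j.doe src=10.1.4.31 target=hmi-line1
"""

# Assumed inventory of generic/shared accounts; in practice this comes from IAM.
SHARED_ACCOUNTS: Set[str] = {"oem_maint"}


@dataclass
class Event:
    ts: datetime
    event: str            # "login" or "logout"
    user: str
    src: str              # source address of the session
    target: str           # OT asset reached through the jump server
    mfa: Optional[bool]   # None when the line carries no mfa field (logouts)


@dataclass
class Finding:
    kind: str
    user: str
    detail: str
    ts: datetime


def parse_line(line: str) -> Event:
    """Parse one 'TIMESTAMP key=value ...' line into an Event."""
    ts_text, _, rest = line.strip().partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    mfa_text = fields.get("mfa")
    return Event(
        ts=datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        event=fields["event"],
        user=fields["user"],
        src=fields["src"],
        target=fields["target"],
        mfa=None if mfa_text is None else mfa_text == "yes",
    )


def parse_log(text: str) -> List[Event]:
    """Parse all non-empty lines and return them in chronological order."""
    return sorted((parse_line(l) for l in text.splitlines() if l.strip()), key=lambda e: e.ts)


def find_concurrent_shared_use(events: List[Event], accounts: Optional[Set[str]] = None,
                               stale_after: timedelta = timedelta(hours=8)) -> List[Finding]:
    """Flag a login when the same account already has an open session from a
    different source address. One person cannot sit at two endpoints at once, so
    for a generic account this usually means two people (or an attacker plus the
    legitimate user) are sharing the credential. Sessions that never logged out are
    treated as closed after `stale_after`, so a missing logout does not alert forever.
    With accounts=None every account is checked."""
    open_sessions: Dict[str, Dict[str, datetime]] = {}   # user -> src -> login time
    findings: List[Finding] = []
    for ev in events:
        if accounts is not None and ev.user not in accounts:
            continue
        sessions = open_sessions.setdefault(ev.user, {})
        if ev.event == "logout":
            sessions.pop(ev.src, None)
            continue
        if ev.event != "login":
            continue
        for src, started in list(sessions.items()):   # expire stale sessions
            if ev.ts - started > stale_after:
                del sessions[src]
        others = sorted(s for s in sessions if s != ev.src)
        if others:
            findings.append(Finding("concurrent_shared_use", ev.user,
                f"login from {ev.src} to {ev.target} while session(s) open from {', '.join(others)}",
                ev.ts))
        sessions[ev.src] = ev.ts
    return findings


def find_logins_without_mfa(events: List[Event]) -> List[Finding]:
    """Every login that reached an OT asset without a second factor."""
    return [Finding("no_mfa", ev.user, f"login from {ev.src} to {ev.target} without MFA", ev.ts)
            for ev in events if ev.event == "login" and ev.mfa is False]


def analyze(text: str = SAMPLE_LOG, shared_accounts: Set[str] = SHARED_ACCOUNTS) -> List[Finding]:
    events = parse_log(text)
    return find_concurrent_shared_use(events, shared_accounts) + find_logins_without_mfa(events)


if __name__ == "__main__":
    for f in analyze():
        print(f"{f.ts.isoformat()} [{f.kind}] {f.user}: {f.detail}")
```

On the sample data the script raises two findings: the oem_maint login from 203.0.113.9 at 08:05 overlaps the still-open session from 10.1.4.22, and that same login carried no MFA. The 09:00 login is clean because both earlier sessions had logged out. Note that the concurrent-use check can only say that two endpoints used the credential at once, not who was at either keyboard; that is exactly the attribution gap the paragraphs above describe, and the reason the fix is individual identities rather than a better alert.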
Although typically perceived as secure, layer 1 networks can be unexpectedly vulnerable to breaches. The prevailing practice of nesting programmable logic controllers (PLCs) behind serial links or non-routable OT protocols is often mistaken for segmentation, but it does not adequately separate these devices from the rest of the OT network, and this soft, unmonitored boundary between layers poses a major risk. The devices themselves normally have no security measures built in, such as authenticated login or user validation.
If a threat actor compromises a layer 2 device, such as an HMI or engineering workstation, they may be able to progress downwards to the PLC level, potentially causing damage and even physical harm. This concern is critical because compromising the integrity of layer 1 devices can have widespread consequences, including equipment malfunctions, process disruptions, and harm to personnel or infrastructure.
To mitigate this vulnerability, organizations must secure the higher layers and also establish strong controls and monitoring at the foundational layer 1. Because the controllers cannot enforce authentication themselves, those controls have to sit in front of them: every path to a PLC should pass through a point that verifies who is connecting, limits what they can reach, and records the session. These measures safeguard critical OT assets from unauthorized access and potential physical harm, bolstering the overall security of the environment.
Zero trust is a security framework that replaces the conventional perimeter-based approach, in which anything already inside the network is trusted, and changes how OT environments are protected. Founded on the premise that every user and device must be authenticated and authorized on each access attempt, regardless of network location, the zero-trust model markedly enhances security by integrating multi-factor authentication, network segmentation, encryption, continuous monitoring, and identity-based access.
This comprehensive approach gives organizations improved visibility and control, enabling them to detect and respond to threats more effectively while minimizing lateral movement through strict access controls and network segmentation. Zero trust operates proactively and dynamically: it continuously verifies users and devices rather than trusting them once at login, and it enforces access controls on every session.
Cyolo applies zero-trust access to OT environments, offering a proactive approach that prevents security incidents rather than only responding to them. Unlike other solutions on the market, Cyolo does not require changes to the OT architecture or disruption to the safe operation of the system. Cyolo supports the legacy and offline systems that characterize many OT environments and extends a layer of protection that accommodates the diverse range of protocols commonly found in OT settings.
By centralizing visibility and control, Cyolo creates a unified view of the complete environment, allowing organizations to monitor and manage access to sensitive OT systems effectively. This centralized approach not only enhances security but also helps reduce operational costs by streamlining administration and eliminating the need for multiple disparate security solutions.
With the Cyolo solution, industrial organizations can take control of their OT security, minimize the risk of breaches, and meet evolving compliance mandates, ultimately safeguarding critical assets and maintaining the integrity of their OT environments.
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.