Critical infrastructure organizations are undergoing dramatic changes in their technology and cybersecurity landscapes that make them both more efficient and more vulnerable.
Nation-state actors and cybercriminals increasingly are targeting the industrial and manufacturing sectors, especially if they involve critical infrastructure.
Ransomware attacks, again on the rise after a lull in 2022, frequently target infrastructure because the critical nature of its operations makes it more likely that victims will pay to unfreeze their systems.
Another reason attackers target industrial and manufacturing systems is that much OT consists of older devices and sensors that are inherently insecure because they were never designed to operate in Internet-accessible environments.
Original equipment manufacturers are building security controls into new devices, but it will likely take years before those controls are present across the installed base of existing systems.
The Real Threats May Not Be What You Think
Industrial and manufacturing organizations may once have been able to rely on the segregation of OT from IT, but they can no longer build an OT security strategy around segmented environments.
Most attacks involving OT start with attacks on IT systems.
Securing converged environments is a complex challenge, compounded by the fact that both security engineers and OT experts are hard to find, and people who are both are rarer still.
Building a security strategy that encompasses the entire enterprise requires practicing the basics of security, understanding where weaknesses exist and the paths an attacker can take, conducting simulations, and practicing responses.
Russia, China, Iran, and North Korea are targeting critical infrastructure, which tends to be heavy with OT. But some of the most high-profile attacks in recent years, such as the one on Colonial Pipeline, were carried out by criminal ransomware operations (DarkSide, in that case) rather than by nation-states.
Most OT organizations should therefore be more worried about opportunistic criminals looking to make money from ransomware or other profitable attacks.
Practice, Practice, Practice
Protecting a converged OT/IT environment is less about modernizing old OT devices than about performing basic hygiene and ensuring that good IT and OT practices are in place.
To begin with, remember the old security dictum that you can't manage what you don't know you have: build and maintain an inventory of IT and OT assets and of how they connect to one another.
That visibility lets you identify the vulnerabilities attackers are most likely to target and understand how an attack could be carried out.
It's also important to simulate attacks against the organization's assets, which will improve your ability to predict how such attacks would unfold and where they could be stopped.
Chief information security officers need to implement tight security programs that regularly simulate attacks, focusing on attacks against IT that cascade into OT and the choke points along the way.
Do it again - practice, practice, practice.
A vendor can help an organization with response readiness, determining where the choke points are between IT and OT. A third party can, for example, show you how to identify at an early stage any attack that bridges the perimeter and how best to mitigate it.
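One concrete form of "identifying at an early stage any attack that bridges the perimeter" is to watch the IT/OT boundary for traffic that bypasses the sanctioned choke points. The following is an added example, not code from the article or from any vendor it alludes to. The zone ranges, the two permitted crossings (a jump host into an engineering workstation over RDP, and a one-way historian push back to IT), and the flow records are constructed assumptions chosen to illustrate the check; in practice the allowlist comes from the asset inventory and the flows from a firewall or NetFlow export.

```python
"""Flag IT/OT boundary crossings that bypass the sanctioned choke points.

Added example (not from the article). Assumptions (constructed):
  IT zone   10.10.0.0/16
  OT zone   10.20.0.0/16
  Allowed:  jump host 10.10.5.5 -> engineering workstation 10.20.1.10 tcp/3389
            OT historian 10.20.1.20 -> IT historian mirror 10.10.8.8 tcp/5432
Anything else that crosses the boundary, in either direction, is a finding.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IT_ZONE = ip_network("10.10.0.0/16")  # assumed IT address space
OT_ZONE = ip_network("10.20.0.0/16")  # assumed OT address space

# (src, dst, dst_port) triples the architecture deliberately permits (assumed).
ALLOWED_CROSSINGS = {
    ("10.10.5.5", "10.20.1.10", 3389),   # jump host -> engineering workstation
    ("10.20.1.20", "10.10.8.8", 5432),   # OT historian -> IT mirror (one-way)
}

# Well-known industrial protocol ports, used only to prioritise triage.
OT_PROTOCOL_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(addr: str) -> str:
    """Return 'IT', 'OT' or 'OTHER' for an IPv4 address."""
    ip = ip_address(addr)
    if ip in IT_ZONE:
        return "IT"
    if ip in OT_ZONE:
        return "OT"
    return "OTHER"


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated record: '<src> <dst> <dport> <proto>'."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


def crosses_boundary(flow: Flow) -> bool:
    """True when one endpoint is in IT and the other in OT (either direction)."""
    return {zone_of(flow.src), zone_of(flow.dst)} == {"IT", "OT"}


def find_unsanctioned_crossings(lines):
    """Return every boundary-crossing flow that is not on the allowlist."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if crosses_boundary(flow) and (flow.src, flow.dst, flow.dport) not in ALLOWED_CROSSINGS:
            findings.append(flow)
    return findings


def describe(flow: Flow) -> str:
    """Human-readable triage line; flags direct hits on OT protocol ports."""
    direction = f"{zone_of(flow.src)}->{zone_of(flow.dst)}"
    tag = OT_PROTOCOL_PORTS.get(flow.dport, "")
    note = f" [{tag}: direct OT protocol access from IT]" if tag and direction == "IT->OT" else ""
    return f"{direction} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}{note}"


# Constructed sample flows: two sanctioned crossings, one IT-internal flow,
# and three crossings that bypass the jump host or reach back into IT.
SAMPLE_FLOWS = """\
10.10.5.5 10.20.1.10 3389 tcp
10.20.1.20 10.10.8.8 5432 tcp
10.10.3.4 10.20.1.10 3389 tcp
10.10.3.4 10.20.2.7 502 tcp
10.10.3.4 10.10.7.7 445 tcp
10.20.1.10 10.10.5.5 445 tcp
"""

if __name__ == "__main__":
    for f in find_unsanctioned_crossings(SAMPLE_FLOWS.splitlines()):
        print(describe(f))
```

Run against the sample, the detector reports three flows: an IT workstation reaching the engineering workstation over RDP without going through the jump host, the same workstation talking Modbus/TCP directly to a device in OT, and the engineering workstation opening SMB back into IT. The sanctioned jump-host and historian flows, and the purely IT-internal SMB flow, are not reported. The allowlist is deliberately tiny; the value of the check comes from keeping it in step with the asset inventory so that every crossing it does not know about is worth a look.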
For critical infrastructure organizations, it still comes down to the basics.
There may be no silver bullet, but following a solid plan like this can help keep defenders ahead of the modern, complex attacks aimed at their increasingly mixed IT and OT environments.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 08 Jan 2024 15:05:03 +0000