Practical Approach to OT Security


Part 1

Importance of OT Security

Historically, knowledge of SCADA systems was limited to specialists with advanced degrees. The threat landscape consisted mostly of insiders or advanced persistent threats sponsored by nation states. The Stuxnet attack on Iranian nuclear plants in 2011 changed this dramatically. Today, while the industry has improved its OT technologies with better security mechanisms, knowledge of those technologies is public. Anyone with internet access can target OT infrastructure and need not be highly funded. Attacks are no longer limited to internal employees or nation states.

To start with, let us reflect on some of the most high-profile examples of cyber-attacks on critical infrastructure around the world.

A massive power outage hit Ukraine in December 2015. It was a SCADA cyber-attack that left around 230,000 people in the west of the country without power for hours. The attack was staged using spear-phishing emails. A year later, another attack hit the country, this time targeting the Pivnichna substation near Kiev, causing an hour-long blackout in the surrounding area.

Another example involves a different kind of target: a small dam in Rye Brook, New York. This little-known place became the focal point of serious concern when the U.S. Justice Department claimed that it was an Iranian attack on U.S. infrastructure. Attacking the infrastructure of another nation is alarming and offers a glimpse of future warfare.

In 2016, the SWIFT global messaging system, which banks use to move money around the world, was abused by hackers from North Korea. Millions of dollars were stolen in this attack, as the attackers obtained legitimate SWIFT credentials after finding weaknesses in the banks' defences.

With these examples in mind, we should be aware of the scale of havoc a cyber-attack can cause.

What is OT?

Operational Technology (OT) refers to the hardware and software used to connect, monitor, and control machines, processes, and events in an industrial environment. OT integrates physical things to monitor status, control machines and automate processes, significantly improving productivity, quality, and efficiency. OT comprises the following types of devices and systems:

  • Sensors
  • Actuators
  • Programmable Logic Controllers (PLC)
  • Direct Digital Controllers (DDC)
  • Remote Terminal Units (RTUs)
  • Supervisory Control and Data Acquisition (SCADA) systems
  • Human Machine Interfaces (HMIs)

All the above components are interconnected by wired or wireless communication networks to function as a single integrated system. These devices understand common protocols, so they can send and receive commands, status, and control information over the network.

Traditionally, the OT network is a separate network in a factory or facility, implemented using serial communication links, shared bus or ring topologies and master-slave communication protocols. These are not high-speed networks like an enterprise LAN, but they are deterministic and fault tolerant, so that messages are guaranteed to be delivered on time, every time.

Who uses OT?

There is a common myth that only manufacturing organisations use OT. In a digital world, OT is used by almost every enterprise. OT systems are extensively used in power distribution and HVAC systems, which are critical to the functioning of data centres, offices, hospitals, etc.

IT/OT integration

There are three key drivers for IT/OT integration:

  1. Ethernet and IP: The de facto network technologies of enterprise networks are being extensively adopted in OT networks. Ethernet is fast, ubiquitous, and low cost, but standard Ethernet as used in enterprise networks is neither real-time nor deterministic. Several organisations have therefore implemented extensions to the Ethernet data link layer to make it real-time and deterministic; a few of these, such as TSN and EPSG, have been adopted as standards by IEEE.
  2. Enterprise Applications: Systems such as ERP are being integrated with the factory floor to obtain production data, work-in-progress and maintenance information, providing real-time visibility to customers and other key stakeholders.
  3. IoT & Cloud: With the emergence of low-cost wireless and communication technologies, a new breed of solutions was created for interconnecting physical machines and things (in the same way computers are connected). Applications were developed to capture data from the "things", store it and analyse it to obtain meaningful insights. This IoT revolution is further accelerated by cloud technologies, which provide massive storage and computing power.

IT/OT integration is a key component of Industry 4.0 and digital transformation in manufacturing. It enables end-to-end visibility of enterprises, efficient processes, improved productivity, and quality. Having understood the significance of IT/OT integration, let us explore some facts about threats and how we are exposed to them.

Need for OT security

The need for OT security depends on the security risk:

Security Risk = Threats * Vulnerabilities * Exposure

Threats are potential sources of cyber-attack. They can come from within the organisation, such as dissatisfied or compromised employees, or from external entities, such as competitors and hostile countries. Generally, threat actors are motivated by a sense of achievement or commercial gain; sometimes the motive is revenge. It is impossible to eliminate such threats from the cyber world given the current geopolitical scenario and a highly competitive environment.

Vulnerabilities are the weaknesses in the system. There can be vulnerabilities in the computers, software, processes and even in people. Threats exploit these vulnerabilities to launch cyber-attacks.

Exposure is the accessibility of computer systems and people to potential threats. When we are connected to the Internet, our computer or device is exposed to billions of users. If our device has a vulnerability, a hacker (threat) can steal the data stored on it.

Mitigating security risk involves:

  • Identifying and controlling the vulnerabilities present in our systems and processes.
  • Limiting the exposure to the extent it is required.
  • Constantly monitoring the threats (based on intelligence from recent attacks across the globe) and implementing controls.

In the past, OT systems in factories were isolated from the enterprise network and only a few people in the factory had access to them. Most of the systems were proprietary and not interconnected. Though these systems may have had many vulnerabilities, threats could not reach them because of the limited exposure. However, organisations today are adopting IT/OT integration, as it is proving to be a game changer for them. This integration exposes OT systems to the external world, thereby increasing the security risk.
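As an added illustration of the Threats * Vulnerabilities * Exposure relationship and of the point above that integration raises risk by raising exposure, the following Python scores a small constructed OT inventory and shows how the ranking changes when an isolated, highly vulnerable legacy PLC is placed on a flat enterprise network. This is example code written for this page, not code from the original post; the 1-to-5 ordinal scales, the asset names and the scores are all assumptions of the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Tuple

# Ordinal 1..5 scales are an assumption of this example; the post gives the
# formula Risk = Threats * Vulnerabilities * Exposure but no numeric scale.
SCALE = range(1, 6)


@dataclass(frozen=True)
class OTAsset:
    name: str
    threats: int          # how likely a capable, motivated actor targets it
    vulnerabilities: int  # unmitigated weaknesses: patch lag, default credentials, ...
    exposure: int         # reachability: 1 = isolated serial network ... 5 = internet-reachable

    def __post_init__(self) -> None:
        # Reject scores outside the scale so a typo cannot silently skew the ranking.
        for field in ("threats", "vulnerabilities", "exposure"):
            value = getattr(self, field)
            if value not in SCALE:
                raise ValueError(f"{field} must be in 1..5, got {value}")


def risk(asset: OTAsset) -> int:
    """The post's formula, applied per asset."""
    return asset.threats * asset.vulnerabilities * asset.exposure


def rank_by_risk(assets: Iterable[OTAsset]) -> List[str]:
    """Asset names, highest risk first, for prioritising mitigation effort."""
    return [a.name for a in sorted(assets, key=risk, reverse=True)]


def with_exposure(asset: OTAsset, exposure: int) -> OTAsset:
    """Model a change in network placement (flat integration, DMZ, data diode, ...)."""
    return replace(asset, exposure=exposure)


def integration_impact(assets: Iterable[OTAsset],
                       flat_network_exposure: int = 5) -> Dict[str, Tuple[int, int]]:
    """Risk before and after each asset is put on a flat, unsegmented IT/OT network."""
    return {a.name: (risk(a), risk(with_exposure(a, flat_network_exposure)))
            for a in assets}


# Constructed inventory (hypothetical assets and scores).
LEGACY_PLC = OTAsset("line-1 PLC, 2004 firmware, serial", threats=4, vulnerabilities=5, exposure=1)
HISTORIAN = OTAsset("process historian (Windows)", threats=3, vulnerabilities=3, exposure=3)
HMI = OTAsset("HMI workstation", threats=3, vulnerabilities=4, exposure=2)
INVENTORY = [LEGACY_PLC, HISTORIAN, HMI]


if __name__ == "__main__":
    print("isolated ranking :", rank_by_risk(INVENTORY))
    print("flat IT/OT impact:", integration_impact(INVENTORY))
    # The same PLC behind a segmented, firewalled cell zone instead of a flat network:
    print("PLC behind DMZ   :", risk(with_exposure(LEGACY_PLC, 2)))
```

With the constructed scores, the legacy PLC ranks last while it sits on an isolated serial network (risk 20) and first once it is reachable from the flat network (risk 100); segmenting it behind a cell-zone firewall brings it to 40. Threats are treated as a factor the organisation cannot drive to zero, so the example only varies exposure, which is the factor IT/OT integration changes, and leaves vulnerability reduction (patching, hardening) as the other lever.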

Since OT devices have limited hardware resources, it is not possible to run CPU-intensive security software on them. Modern IoT/IIoT systems, which run on standard operating systems such as Linux and Windows, are exposed to a larger set of known vulnerabilities. Unlike enterprise IT systems, OT systems cannot practically be patched frequently, so these vulnerabilities remain present for a long time.

The result of a cyber-attack on OT systems could be catastrophic: it could shut down a power plant, cause a chemical plant to explode, or disrupt an entire transport network. The communication protocols in an OT network differ from those of an enterprise IT network: they are deterministic, time sensitive and fault tolerant, and provide guaranteed delivery of commands and information. The security solutions of an IT network therefore cannot simply be applied to OT systems.

In summary, OT security threats are real, and OT systems are more vulnerable than IT systems. Securing OT systems requires domain expertise in OT devices, networks, and protocols. It is critical that organisations approach OT security holistically instead of merely extending currently available IT security solutions.
