As Industry 4.0 and digital transformation become priorities for industrial organizations, the convergence of IT applications with OT environments makes establishing and maintaining 360° visibility increasingly difficult. Porous perimeters, distributed applications, and security gaps opened by rapidly evolving and expanding infrastructures expose the weak points of most critical infrastructures to highly motivated cybercriminals: difficult-to-secure legacy systems and implicit trust models for resource access.
While intermingling digital innovation with mission-critical physical assets can provide a variety of benefits from both conceptual and efficiency standpoints, it also has its challenges. Chief among these is maintaining visibility and control. Unless this transition is undertaken with care, security may be left behind, exposing organizations to unnecessary risk.
The Fortinet Asia 2022 Operational Technology (OT) Cybersecurity Report finds that organizations are still moving too slowly towards full protection of their operational technology (OT) assets. This comes at a time when OT systems are becoming more important to many organizations’ well-being, geopolitical events are making attacks more likely, more OT systems are being connected to the internet, and IP-based threats are becoming more advanced and doing more damage. This combination of factors is moving OT security upward in many organizations’ risk portfolio.
Industrial control and OT environments continue to be a target for cybercriminals, with 96% of OT organizations experiencing an intrusion in the past 12 months. The report found that the attack surface of cyber-physical assets is expanding as reliance on air-gap protection diminishes and digital transformation initiatives drive IT-OT network convergence. The key findings of the report include:
Organizations are connecting more IP-enabled OT devices for data-centric outcomes.
With Industry 4.0 and the digital transformation of manufacturing largely consisting of automation, artificial intelligence (AI), and rapid technological innovation, 98% of OT organizations in India had more than 100 IP-enabled devices in operation, while 62% had more than 1,000. The ubiquitous interconnectivity among these devices, users, and distributed networks presents a substantial challenge for traditional siloed security solutions.
Ownership of OT security is not consistent across organizations.
According to the Fortinet report, OT security management falls within a range of primarily director or manager roles, from the Director of Plant Operations to the Manager of Manufacturing Operations. Only 22% of survey respondents say that the CIO or CISO holds responsibility for OT security at their organization.
Ransomware is a big area of concern because of its efficacy.
Given cybercriminals' success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors are now available as a service through the dark web. Among Indian OT organizations, 88% have a high level of concern about ransomware attacks in their environment compared with other intrusions, and 25% admitted having had a ransomware intrusion in the past 12 months.
OT security intrusions significantly impact both IT and OT environments.
The Fortinet report found that 96% of OT organizations experienced at least one intrusion in the past 12 months and 90% had more than three intrusions. Only 54% of these compromises of OT systems were reported to senior leadership. Intrusions affect not just OT but enterprise IT systems as well: 29% of Indian organizations whose OT systems were affected by an intrusion also had their IT environments affected by it.
Organizations impacted by intrusion took longer time to return to service.
OT organizations have little flexibility when it comes to downtime, yet 92% of Indian organizations took hours or more to return to service after an intrusion, and 60% took days, weeks or months.
Operational downtime after an intrusion impacts revenue and productivity.
The report found that 65% of Indian OT organizations suffered an operational outage that affected productivity, 58% suffered an outage that impacted revenue, and 48% suffered an outage that put physical safety at risk.
OT security is gradually improving, but security gaps still exist in many organizations which lack centralized visibility.
Only 16% of respondents have achieved centralized visibility of all OT activities; the remaining 84% lack it, which contributes to their OT security risk and weakens their security posture. When asked about the maturity of their organization's OT security posture, only 14% of organizations have reached level 4, which includes leveraging orchestration and management. More than 64% of organizations are in the low or middle tiers, having reached only level 2 on the path to a mature OT security posture.
"While OT security has the attention of organizational leaders, the problem often relates to the complexity involved in building a holistic security infrastructure that encompasses both OT and IT environments. Instead of disparate point products operating in silos, the Fortinet Security Fabric enables multiple OT security technologies to work together across IT and OT environments. With full IT-OT integration and shared threat intelligence, organizations gain fast automated responses to attacks, close OT security gaps, deliver full visibility, and provide simplified management," said Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet.
Overcoming OT Threats with Better Visibility
The rapid expansion of the threat landscape and the increase in attacks demonstrate the growing need for integration between enterprise security solutions and operational infrastructure. In most cases, security controls need to cover on-premises systems as well as Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices. It is also important to have an infrastructure control strategy that restricts and contains suspicious activity and behavior rather than merely observing it.
In addition to replacing implicit trust with a zero-trust access model, microsegmentation provides a practical approach to minimizing and mitigating security threats. Building on the Purdue Model, the long-established reference architecture for industrial control systems, this approach lets OT administrators divide the OT attack surface into specific control zones and restrict the data that may flow between those zones to explicitly defined conduits; anything not matching a conduit is denied. This allows businesses to address the growing threat to the OT environment in a contained manner, limiting any attack to a small subset of the OT network rather than giving it broad access to the larger environment. Because traffic between zones at the same level is also subject to conduit policy, microsegmentation limits east-west traffic and so reduces an attacker's opportunity for lateral movement through the network.
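The following is an added illustration of the zone-and-conduit model described above; it is not code from the report or from Fortinet. It assigns constructed subnets to Purdue-style zones, declares an allowlist of conduits, and evaluates a set of constructed flow records with a default-deny rule, flagging east-west traffic between peer cells and level-skipping flows such as enterprise hosts reaching a PLC directly. The zone names, addresses, Purdue level assignments, ports and flows are all assumptions made for the example; the rendered rule lines are vendor-neutral, not any product's syntax.

```python
"""Purdue-style zone/conduit policy check (added example; all data constructed)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Zone:
    name: str
    level: float          # Purdue level: 0 process ... 3.5 DMZ, 4/5 enterprise
    network: IPv4Network


# Constructed zones for the example; real deployments map these from asset inventory.
ZONES = [
    Zone("cell-a-plc", 1, ip_network("10.1.1.0/24")),
    Zone("cell-b-plc", 1, ip_network("10.1.2.0/24")),
    Zone("scada", 2, ip_network("10.2.0.0/24")),
    Zone("site-ops", 3, ip_network("10.3.0.0/24")),
    Zone("ot-dmz", 3.5, ip_network("10.35.0.0/24")),
    Zone("enterprise", 4, ip_network("10.100.0.0/16")),
]

# Conduits: the only cross-zone flows permitted, keyed by the initiating side.
# (src_zone, dst_zone, proto, dst_port). Everything else is denied by default.
CONDUITS = {
    ("scada", "cell-a-plc", "tcp", 502),   # SCADA/HMI polls PLCs over Modbus/TCP
    ("scada", "cell-b-plc", "tcp", 502),
    ("site-ops", "scada", "tcp", 4840),    # historian pulls OPC UA from SCADA
    ("ot-dmz", "site-ops", "tcp", 443),    # patch/jump relay in the DMZ
    ("enterprise", "ot-dmz", "tcp", 443),  # enterprise may reach the DMZ only
}

Flow = Tuple[str, str, str, int]


def zone_of(ip: str) -> Optional[Zone]:
    """Map an address to its zone, or None if it belongs to no known zone."""
    addr = ip_address(ip)
    for zone in ZONES:
        if addr in zone.network:
            return zone
    return None


def evaluate_flow(src: str, dst: str, proto: str, port: int) -> Tuple[str, str]:
    """Return ("allow"|"deny", reason). Default deny; intra-zone traffic is permitted."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny", "unknown zone"
    if sz.name == dz.name:
        return "allow", "intra-zone"
    if (sz.name, dz.name, proto, port) in CONDUITS:
        return "allow", f"conduit {sz.name}->{dz.name}"
    if sz.level == dz.level:
        # Peer zones (e.g. two production cells) talking to each other: lateral movement.
        return "deny", f"east-west between {sz.name} and {dz.name}"
    if abs(sz.level - dz.level) > 1:
        # Flow bypasses intermediate levels, e.g. enterprise host straight to a PLC.
        return "deny", f"level skip {sz.level}->{dz.level}"
    return "deny", "no conduit"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return every flow that the zone/conduit policy would deny, with its reason."""
    denied = []
    for flow in flows:
        verdict, reason = evaluate_flow(*flow)
        if verdict == "deny":
            denied.append((flow, reason))
    return denied


def to_rules() -> List[str]:
    """Render the conduit allowlist as ordered, vendor-neutral rule lines ending in default drop."""
    by_name = {z.name: z for z in ZONES}
    rules = [
        f"accept {proto} from {by_name[s].network} to {by_name[d].network} dport {port}"
        for (s, d, proto, port) in sorted(CONDUITS)
    ]
    rules.append("drop all")
    return rules


# Constructed sample flows (e.g. from NetFlow/span-port collection) for the example.
SAMPLE_FLOWS: List[Flow] = [
    ("10.2.0.10", "10.1.1.5", "tcp", 502),     # SCADA -> cell A PLC: conduit
    ("10.1.1.5", "10.1.2.7", "tcp", 502),      # cell A -> cell B: east-west, denied
    ("10.100.4.20", "10.1.1.5", "tcp", 502),   # enterprise -> PLC: level skip, denied
    ("10.100.4.20", "10.35.0.3", "tcp", 443),  # enterprise -> DMZ: conduit
    ("10.35.0.3", "10.3.0.8", "tcp", 22),      # DMZ -> site ops on SSH: no conduit
    ("10.1.1.5", "10.1.1.9", "tcp", 502),      # within cell A: intra-zone
    ("192.168.9.9", "10.1.1.5", "tcp", 502),   # unmapped source: denied
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("DENY", flow, reason)
    print("\n".join(to_rules()))
```

Two design points a practitioner would carry into a real deployment: conduits are keyed on the initiating side, so return traffic is expected to be handled statefully by the enforcing firewall rather than by a reverse conduit, and the same flow data used for the audit doubles as the evidence that a proposed allowlist would not break legitimate operations before it is enforced.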
Today’s organizations need accountability, internal systems need hardening, and new technologies require advanced attack detection. But with proper planning and integrated technologies, organizations can begin the journey from their flat networks to a segmentation model to improve visibility and enhance the defense of resources, systems, and users business wide.