Not long ago, there was a clear separation between operational technology (OT), which drives the physical functions of an enterprise, such as a factory, and information technology (IT), which manages enterprise data to improve control and productivity. was. Planning.
As IT assets became increasingly connected to the outside world via the Internet, OT remained insulated from IT and the rest of the world.
However, the prevalence of the Industrial Internet of Things (IIoT) and the need to constantly monitor and track information from manufacturing and assembly lines means that the connectivity between IT and OT systems has greatly expanded. OT is no longer isolated. OT is now as exposed to the outside world as IT.
What does this mean for OT security, which is difficult to patch for hard-to-access devices required for 24/7 production?
no more air gaps
Not so long ago, all data exchange between IT and OT was done via a “sneaker net”. The operator physically goes to a terminal connected to the OT device, offloads the data covering the most recent time period, and takes the offloaded data to a workstation where it uploads it to her IT system in the organization. .
While this was a cumbersome and time-consuming method of data transfer, it provides a valuable physical separation (air gap) between OT and IT infrastructure by protecting critical OT devices from typical IT cybersecurity risks. ) was meant. But as the song progresses they are changing. In fact, they’ve been around for quite some time.
Today, OT is at the forefront of cybersecurity risks. An increase in ransomware incidents that cripple entire companies and bring production to a halt for extended periods of time will have a devastating impact on the sustainability of affected companies and will gradually affect the entire value chain.
Case in point: United Structures of American Inc., previously valued at $100 million, filed for bankruptcy in early 2022. This is mainly because a steel manufacturing company fell victim to a ransomware attack and lost most of its data. And everyone will remember last year’s attack on the Colonial Pipeline.
OT must be quickly adapted and protected
The fast-paced nature of today’s technology environment means that we can’t go back to the old ways of doing things, and we have to assume that OT will be left exposed to the outside world. This means you need a different approach to securing your OT infrastructure.
Many solutions to this challenge have been proposed, but since some models are no longer relevant, these solutions often require completely different architectures. Replacing existing devices or changing existing processes to keep up with the new “best practices” of the day is always costly in time, resources, and training.
This impacts bottom lines, so companies delay migration as long as possible. As we have seen repeatedly, some companies find the right motivation to spend heavily on cybersecurity only after an incident occurs.
When the worst-case scenario occurs, companies quickly find the funding they need to fix the problem, but as United Structures found, it can come too little or too late.
Consider taking at least some steps
If you haven’t secured OT yet, you should start now. A step-by-step process can help when the large-scale changes required to fully secure OT are impractical and not affordable.
For example, if practical, consider segmenting the network used by OT and applying an application whitelist so that only authorized OT applications can send and receive data over that network. please give me. You can closely monitor network traffic and analyze logs to catch attackers before it’s too late.
If your OT is built using a Linux device, consider live patching. Live patching does not compete with the uptime goals that normally occur when hard-to-reach OT is continually updated and reboots are required to apply patches.
Whatever your strategy, there is no excuse for leaving OT unprotected. This is true for procedures such as OT network isolation, but also for other options such as live patching previously unpatched devices.
There is no “good time” to take the first step. The best time to start OT risk mitigation is now.
This article is written and sponsored by tax carean enterprise-grade industry leader Linux automation. TuxCare is a developer, IT security manager, and Linux server administrator Looking to enhance and simplify cybersecurity operations affordably. TuxCare’s Linux Kernel Live Security Patches and Standard and Enhanced support services Help protect and support over 1 million production workloads.
to stay connected tax care,follow me LinkedIn, twitter, FacebookWhen Youtube.