According to Seqrite’s Threat Report from Q2 2020, the manufacturing industry saw the greatest percentage of attacks in comparison to other sectors. Other industries targeted included Power & Energy and Automobiles, all of which use Operational Technology (OT) to a large degree. The emerging blend of IT and OT is considered a reason for the increased attack surface in these sectors.
Operational Technology (OT) essentially refers to the use of hardware and software to monitor and manage physical infrastructure and devices. It is widely used in a variety of resource-intensive industries including manufacturing, heavy vehicles, oil & gas, rail, etc.
With the emergence of the Industrial Internet of Things (IIoT), which envisions a multi-dimensional, interconnected world, the importance of OT cybersecurity has become more pronounced. In an earlier era, OT systems did not have a digital shadow as they were not connected to the internet, so cyber threats did not pose a severe threat.
However, the times ahead are likely to see an expanded convergence of Information Technology (IT) and Operational Technology (OT) systems. Already, new-age manufacturing companies are using Factories of the Future and Digital Twins, which allow the entire shop floor to be digitized. The two systems are no longer separated, and that means cyber threats pose an existential threat to OT systems.
A pronounced increase in the threat landscape
Operational technology differs from information technology in the sense that OT does not possess any inbuilt cybersecurity safeguards. OT systems were built on an understanding that they would not be connected to outside networks and would thus not be vulnerable to threats. The paradigm has shifted, though, and with it come inherent security risks.
When an OT network is connected to the outside network by IT systems, there is a significant increase in the company’s threat landscape. The entire OT network, along with all OT-connected systems, is now open to a dangerous and ever-changing world of cyber threats. Third-party vendors may also have remote access to OT systems, further increasing the attack surface.
Lack of accountability
Despite the convergence of IT & OT, traditional enterprises are at risk of reacting too slowly and not ensuring accountability for a shared network. Despite the two systems having a combined attack surface, enterprises will keep Chief Information Officers (CIOs) responsible for safeguarding IT systems and Chief Operating Officers (COOs) for safeguarding OT systems. This leads to duplication of work and no single source of authority for managing what has essentially become one network. Cybercriminals are aware of this and will use it to their advantage to strike IT-OT systems.
The consequences of attacks on OT systems
Cybercriminals are no longer interested in just stealing data from an enterprise. They have understood the large-scale consequences that can arise from attacks on OT systems. A Ponemon study in 2019 found that 56% of gas, wind, water and solar utilities across the world had experienced at least one cyberattack causing a shutdown or loss of operations data in the last year. Critical infrastructure can be shut down or hampered, putting lives and huge populations at risk. Only last year, parts of Johannesburg, South Africa’s largest city, were without power after the local electric company, City Power, suffered a ransomware attack.
The message is clear – every part of an enterprise’s attack surface needs to be safeguarded.
Seqrite’s in-depth research on possible threats emerging due to the confluence of IT and OT can safeguard sectors leveraging this technology from emerging cyber threats.