As newer and emerging technologies like 5G, AI, and remote operations increase IT and cloud connectivity and rapidly transform industrial operations, they’re bringing welcome productivity and efficiency gains. But they can also introduce new security concerns for OT environments, expanding the attack surface and opening new opportunities for cyber criminals.
OT environments historically seemed impervious to cyberattacks, because their Industrial Control Systems (ICS) were air-gapped, their technologies proprietary, their end markets fragmented, and their assets older. A recent report by Palo Alto Networks and ABI, The State of OT Security, found that 70 percent of organizations said they’ve experienced a cyber-attack on their OT environments; 1 out of 4 experienced a shutdown of operations as a result of an attack.
With the right approach in place, organizations can ensure they’re maximizing their investment in these new technologies while also maintaining security.
Rapid Transformation for the Future
The application of 5G, cloud and AI is a game-changer for OT environments. These technologies are expediting digital transformation, helping reduce time spent on manual tasks, increasing productivity and streamlining operations. The speed, reliability, and flexibility of these emerging technologies offers new efficiencies and enhances business continuity for mission-critical environments. However, the increased connectivity without adequate security controls in place is changing the threat landscape and increasing the exposure to potential threat actors.
Additionally, OT environments are known to have legacy equipment with very long lifespans, and asset owners are heavily reliant on OEM vendors or third parties for routine maintenance and technical support. This often leads to remote connections into OT environments, and because of large, complex, and geographically dispersed architectures and facilities that require vendor-specific tools for troubleshooting and updates, it makes it harder for security teams to monitor and track these connections.
Unsanctioned access of assets, applications, and connections is also well-established as a primary attack vector for threat actors.
On the other hand, remote access provides increased flexibility for responding to incidents quickly, which is a crucial part of any incident response plan. This allows for OT assets to be remotely diagnosed, maintained and remediated, thereby reducing downtime, saving time and money, and reducing the need for on-site maintenance.
A converged OT/IT environment with connected devices and remote monitoring and maintenance is clearly the future, but the other side of the coin is that these new use cases and technologies can also introduce new cybersecurity concerns and require cybersecurity controls that mitigate threats against the backdrop of a constantly shifting landscape.
New Tech Brings New Risks
According to the nearly 2,000 security and OT professionals we surveyed, the primary security challenge over the next two years will be securing industrial devices. Of foremost concern is the widespread adoption of A-powered attacks; 74 percent of survey participants are concerned that AI-powered attacks represent a massive threat to OT infrastructure.
Yet while it does bring risks, it also has potential to enhance cybersecurity. In fact, 80 percent of professionals surveyed said AI-enabled security solutions will be critical for stopping attacks directed at their OT environments.
The kind of connectivity that 5G brings comes with a downside; it can open the door to DDoS and other attacks. It will also likely lead to targeted attacks because Industrial Control System (ICS) assets could be laid bare for all to see. In addition, the software-defined focus of 5G will enable existing IT-based threats to migrate both to the 5G core itself and to the extended network.
The risk is real, as 67 percent of respondents said their organizations are investing in 5G technology for their OT environment and 70 percent recognize that 5G-connected devices are increasingly important OT threat vectors.
Similarly, the adoption of cloud and remote access to enable employees to work remotely has come at the cost of expanding the attack vector and putting internal resources at risk. And with three out of four respondents saying that remote access for employees and third parties is on the rise, this will be a significant concern.
Maximizing Investments
Progress is inevitable, and it would be ill-advised to try to stop it. These emerging technologies are on track to completely transform OT operations, but it’s key to plan for their security.
Teams need to ensure they have adequate security and coverage for the new attack surfaces brought on by remote operations, 5G, cloud-connected OT assets and AI. There’s a profusion of cybersecurity technologies to be sure, but an important aspect of a modern OT security strategy is to respond to the dynamics of digital transformation with a framework like Zero Trust.
Zero Trust is rooted in the idea of “never trust, always verify,” and the survey found that increasingly, decision-makers see Zero Trust solutions as vital in the future of OT security. In fact, 86 percent of survey respondents viewed Zero Trust as the correct approach for bolstering security frameworks for OT environments. The foundational concepts of Zero Trust can help protect modern OT environments to:
- Identify business-critical assets to determine those most at risk of posing significant impacts in the event of a cyber incident.
- Understand how networks, applications, devices and users communicate with business-critical OT assets.
- Leverage least privilege access control, which uses segmentation by context and minimum access policies for resources.
- Ongoing secure inspection of OT processes and network traffic to stop threats that could threaten business-critical assets.
These concepts rest on the foundation of high visibility for OT assets and remote apps, along with risk exposures. The SANS Institute recommends critical controls for OT cybersecurity that include:
- Creating an ICS or OT-specific incident plan.
- Ensuring your ICS architectures are defensible with proper visibility, monitoring, segmentation and policy enforcement.
- The ability of asset owners to identify, monitor, and control remote access points.
- Helping organizations take a risk-based vulnerability management approach to help mitigate the impact of cyber attacks.
Legacy OT systems are vulnerable to a barrage of threats they are not equipped to handle without significant changes to the security framework. Zero Trust can help in today’s increasingly dynamic OT environments, as will having the proper security controls in place. As you assess your OT security posture, make sure your strategy aligns with the best practices noted above so that your organization can safely take full advantage of new technologies.
