The resilience of operational technology (OT) has changed in the wake of the pandemic, and the stakes are higher today than before. Automation, powered by intelligent devices and robots, has caused some of the most significant disruptions. However, the rapid growth and proliferation of automation and smart devices also increase the attack surface and introduce new vulnerabilities. Faced with this shift, organizations need to invest in IT/OT security integration to protect connected industrial devices from attacks.
The pandemic has forced manufacturers and supply chain providers to make rapid, often drastic, changes to their operations. In many cases, these adjustments accelerated digital transformations that were already planned or ongoing. In other cases, some of the changes are temporary.
Organizations are adapting to a new work landscape that includes ongoing supply chain challenges and skill shortages across many sectors and positions. Most of the operational changes spurred by the pandemic will remain in place. This also means that operational technology (OT) resilience has changed, and that the stakes are higher than before the pandemic.
Automation, powered by intelligent devices and robots, has driven some of the most significant disruptions. Some industrial companies were already at the forefront of automation before March 2020. During the pandemic, more industries and sectors adopted automation.
Increasing Threats To OT Environments Require New Cybersecurity Strategies
The rapid growth and proliferation of automation and intelligent devices increase the attack surface and introduce new vulnerabilities. In the face of this shift, companies must simultaneously invest in IT/OT security integration to protect connected industrial devices from attacks.
For example, attackers penetrating an OT network might be able to exfiltrate operational data and intellectual property. These attacks can lead to costly remediation efforts, compliance penalties, and reputational damage. Attackers may be able to take control of assets and change how they work or shut them down. Any of these actions can damage assets, putting employees and the public at risk.
Ransomware attacks are the number one security concern for many manufacturers right now. Criminal and government-sponsored groups have been targeting manufacturing and critical infrastructure for years, and this trend has only intensified during the pandemic.
Ransomware attacks have hit the manufacturing industry particularly hard, but no sector has been immune. Because of this threat landscape, organizations are starting to either add new automation technologies to existing OT systems or start using OT systems from scratch. To protect their operations, organizations need to rethink their approach to protecting against operational downtime. That includes the way they value and monitor OT assets.
Asset Valuation Challenges And Solutions
If assessing and monitoring OT assets were that easy, it would already be widespread across all industries. However, the challenge is that OT and IoT devices do not function the same way as most IT devices. The security tools that protect IT networks, such as agents, can crash OT and IoT devices and lead to various operational challenges.
As a result, organizations seem to face a choice between efficient operations and proper security practices. Yet these same security practices are critical to maintaining operations. Businesses need to identify every asset in their environment, know its physical location, see what software it is running, and record its connections to other devices.
Additionally, it is essential to maintain this real-time visibility to identify device software, communications, and functionality issues before unusual device behavior can lead to a more significant incident. Identifying OT and similar devices without downtime or disrupting operations is necessary for a resilient OT environment.
A Robust Strategy For OT And IT Asset Management
To completely secure the company network, every asset in the environment must be recognized and monitored. This applies to the assets’ connections, network positions, and segmentation. It then becomes possible to see which communication occurs between assets, when individual assets communicate with each other, and whether they encrypt sensitive data during transmission. This transparency makes it possible to quickly determine when deviations from the norm arise and, for example, whether a new asset from outside the network is connecting to the facility’s wireless cameras.
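The check described above, written as an added example that is not part of the original article: it compares passively collected flow records against an asset inventory and a baseline of normal conversations, so nothing has to be installed on the OT devices themselves. The inventory, baseline, addresses, and port-to-protocol mapping are all constructed assumptions.

```python
"""Baseline check over passively collected flow records (all data constructed)."""

# Asset inventory: address -> (name, network segment). Constructed sample values.
INVENTORY = {
    "10.10.1.5": ("plc-line1", "control"),
    "10.10.1.20": ("hmi-line1", "control"),
    "10.10.2.11": ("cam-dock-a", "cameras"),
    "10.10.2.50": ("nvr-01", "cameras"),
}

# Conversations seen during normal operation: (source, destination, port).
BASELINE = {
    ("10.10.1.20", "10.10.1.5", 502),
    ("10.10.2.50", "10.10.2.11", 554),
}

# Ports whose usual protocol is unencrypted (assumed mapping for this example).
CLEARTEXT_PORTS = {23: "telnet", 80: "http", 502: "modbus/tcp", 554: "rtsp"}


def review_flows(flows):
    """Return sorted (finding, src, dst, port) tuples for a list of flows."""
    findings = set()
    for src, dst, port in flows:
        known_src, known_dst = INVENTORY.get(src), INVENTORY.get(dst)
        if known_src is None or known_dst is None:
            # An address missing from the inventory is talking to the plant.
            findings.add(("unknown-asset", src, dst, port))
        elif (src, dst, port) not in BASELINE:
            # Both ends are known, but this conversation is not normal.
            kind = "cross-segment" if known_src[1] != known_dst[1] else "new-conversation"
            findings.add((kind, src, dst, port))
        if port in CLEARTEXT_PORTS:
            findings.add(("cleartext", src, dst, port))
    return sorted(findings)


# Constructed observations: one baseline flow, one outside host reaching a
# camera, and an HMI reaching into the camera segment over telnet.
SAMPLE_FLOWS = [
    ("10.10.1.20", "10.10.1.5", 502),
    ("192.168.77.9", "10.10.2.11", 554),
    ("10.10.1.20", "10.10.2.11", 23),
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```

Baseline traffic still produces a cleartext finding here, because whether a conversation is expected and whether it is encrypted are separate questions.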
Identifying the physical location of each asset is essential to ensure OT resiliency. It makes it possible to locate unauthorized devices in the environment for quick blocking and removal. Devices can also be physically removed or blocklisted quickly.
Resilience to external or internal attacks is increased by scanning assets for new vulnerabilities and cyber threats as they emerge. This helps the security team prioritize threat response based on risk level and allows them to automate device patches and updates. Also, logs of all device activity over time should always be maintained for forensics and compliance. Security management is also made easier by monitoring network changes to ensure temporary adjustments to firewall permissions and segmentation do not persist when they are no longer needed. Of particular importance in OT is also the protection of the programmable logic controllers (PLC),
Operational Resiliency Starts With Device Visibility
In today’s highly complex IT/OT environments, operational resiliency requires a comprehensive approach to device security. This starts with transparency and a complete view of each asset, as well as the security status and risks of the environment. IT security teams should leverage any resources available to quickly resolve security issues to prevent attacks and keep operations safe and efficient.