Using defence in depth to protect operational technology environments

September 23, 2022
Read Time 3 mins

By Diane Pieterse, Business Development Manager

In today’s age of unprecedented technological advancement, times are changing at a rapid pace. However, while intelligent automation, the Internet of Things (IoT) and industrial control systems (ICS) are revolutionising many industries and streamlining manufacturing processes, they are also introducing a wide variety of new cyber risks and threats.

This is why operational technology (OT) security, which covers ICS and IoT, is becoming increasingly critical: attacks are focusing more and more on physical processes, either for ransomware or to sabotage and damage critical production systems. Attacks such as the BlackEnergy 3 malware that was repurposed to attack the electrical grid of Ukraine several years ago, the more recent attack against the Oldsmar water treatment plant, and a slew of ransomware attacks against the vaccine supply chain have seen boards, governments and operators of industrial organisations stand up and take notice.

Hard to secure

If we think about supervisory control and data acquisition (SCADA) and ICS systems, it’s important to remember that these systems were not originally designed to be connected to the Internet and, as such, were not secure by design. The recent increase in connectivity has helped to keep critical industrial processes smooth and up to date, but it has also exposed critical infrastructure and manufacturing to risk that can cause major disruption and damage to processes over time. These systems are now vulnerable to a wide range of weaknesses, from systems without passwords or with hard-coded passwords and configuration issues, to software bugs and hardware vulnerabilities. In the worst-case scenario, altering the commands sent to the controllers, changing the controller’s logic sequence, or even altering sensor readings can enable attackers to change the industrial processes themselves.

Unfortunately, once a bad actor is able to run software on a host that has access to an ICS system, a successful attack is very easy to carry out. In addition, as connectivity grows across these systems, threat actors are targeting the expanding and increasingly interconnected network surface across both manufacturing and critical infrastructure facilities.

Another stumbling block when it comes to securing OT is that the ruggedness and stability of ICS and SCADA solutions allow facilities to use them for extended periods of time: a decade or two, or even longer. This is a double-edged sword, as they are often located in remote areas that are not easily accessible, severely hampering the ability to keep them upgraded and bug-free. Similarly, OT environments are often a muddle of ICS vendor protocols and network topologies, mixed with a range of old and new assets that lack both discovery and visibility.

Moreover, their software cannot be updated or patched regularly, due to access limitations, worries about too much downtime or even the need to re-certify. ICS and SCADA systems usually also run on legacy software that lacks sufficient user and system authentication, data authenticity verification, or data integrity checking, the very features that prevent threat actors from injecting commands and manipulating parameters to modify, delete, damage or copy data on controlled-access systems.

Unique challenges

For all these reasons, protecting ICS poses unique challenges. Service uptime, data integrity, compliance and, of course, public safety mean that owners of these critical entities need to put measures in place to safeguard these crucial assets. For an attacker to interfere with a process, either physical or remote access to a machine or network that is connected to the controller or sensor is needed. The majority of ICS and SCADA networks already have some level of perimeter defence, such as network segmentation and firewall technologies, none of which is easy to bypass, so cyber crooks are always looking for another foothold onto the system. Often, they gain access via holes in the security armour left by weak or incomplete network security policies, weaknesses in specific vendor implementations of a protocol, and system and security configuration errors. Sometimes attackers make use of proprietary operating systems that have not been put through security hardening, or of out-of-the-box systems that ship with default or simple passwords and baseline configurations, which make it child’s play for any reasonably technical attacker to compromise OT systems.

This is why ICS security needs to be built in layers to prevent attacks from both external and internal sources. Check Point, for example, offers a segmented, multi-layer defence-in-depth strategy that is specifically designed for the unique requirements of ICS systems and OT environments. When it comes to critical infrastructure, there is no silver bullet, nor is there a one-size-fits-all approach that works. Each environment is different, and these highly specialised systems must have dedicated security methods and tools that are tailored to their specific set of operational requirements. Attacks are a relevant and imminent threat to any organisation, and nowhere can the consequences be more dire than in operational technology environments. Check Point definitely brings the industry’s most comprehensive cybersecurity solution for ICS and IoT, keeping connected assets, including industrial controllers, SCADA servers and sensors on the OT network, safe, secure and protected.
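The two preceding sections name weak or incomplete network security policies as a common foothold and layered segmentation as the remedy. The following is an added example, not code from the original post or from Check Point, that audits a constructed zone-based firewall rule set for the segmentation gaps those sections describe: an enterprise zone reaching the control zone without passing through a DMZ, an allow rule that opens every port into the control zone, a wildcard zone in an allow rule, and a rule set with no trailing default-deny. The three-zone model (ENTERPRISE, DMZ, CONTROL), the `Rule` structure and the sample rule sets are all assumptions made for the example; TCP port 502 is the standard Modbus/TCP port.

```python
"""Audit a zone-based firewall policy for OT segmentation gaps.

Assumed model (an assumption for this example, not from the post): three
zones ordered by trust, rules evaluated top-down, first match wins.
"""
from dataclasses import dataclass

# Higher rank = more sensitive. Traffic should only ever step one rank
# deeper per hop (ENTERPRISE -> DMZ -> CONTROL), never skip the DMZ.
ZONE_RANK = {"ENTERPRISE": 0, "DMZ": 1, "CONTROL": 2}


@dataclass(frozen=True)
class Rule:
    src: str          # zone name or "any"
    dst: str          # zone name or "any"
    proto: str        # "tcp", "udp" or "any"
    ports: tuple      # () means every destination port
    action: str       # "allow" or "deny"


def audit(rules):
    """Return a list of (rule_index, finding) tuples; empty means no gaps found."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.src == "any" or r.dst == "any":
            findings.append((i, "wildcard zone in allow rule"))
        elif ZONE_RANK[r.dst] - ZONE_RANK[r.src] > 1:
            findings.append((i, f"{r.src} reaches {r.dst} without passing through DMZ"))
        if r.dst == "CONTROL" and not r.ports:
            findings.append((i, "all ports open into CONTROL"))
    last = rules[-1] if rules else None
    if last is None or (last.action, last.src, last.dst) != ("deny", "any", "any"):
        findings.append((len(rules), "no trailing default-deny rule"))
    return findings


# Constructed sample: the kind of policy the post calls "weak or incomplete".
WEAK_RULES = [
    Rule("ENTERPRISE", "CONTROL", "any", (), "allow"),   # IT reaches PLCs directly, any port
    Rule("DMZ", "CONTROL", "tcp", (502,), "allow"),      # Modbus/TCP from the DMZ
]                                                        # ...and no default deny

# Constructed sample: the same intent expressed as a layered policy.
HARDENED_RULES = [
    Rule("ENTERPRISE", "DMZ", "tcp", (443,), "allow"),   # IT only talks to the DMZ broker
    Rule("DMZ", "CONTROL", "tcp", (502,), "allow"),      # DMZ alone reaches Modbus/TCP
    Rule("any", "any", "any", (), "deny"),               # explicit default deny
]


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: {audit(rules) or 'no findings'}")
```

The audit is deliberately structural: it does not need to understand vendor protocols, only the zone each rule crosses, which is exactly the information a defender has when reviewing a segmentation policy on paper. Running it on a real policy export would require a small adapter from the firewall's own rule format into `Rule`.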
