Reducing cyberthreat exposure for operational technologies and control systems
By Max Burkhalter, August 7, 2020
The ongoing COVID-19 pandemic has caused widespread disruption and uncertainty for organizations across the globe, leading IT administrators to integrate new teleworking systems and cloud-based applications to keep operations running smoothly. However, the rapid transition to remote work environments has introduced a variety of weaknesses into modern enterprise networks and control systems, leading to a surge of new cyberattacks.
According to a joint security alert from the National Security Agency and the Cybersecurity and Infrastructure Security Agency, malicious actors have ramped up their efforts to infiltrate critical infrastructure by "exploiting internet-accessible operational technology (OT) assets." While for-profit businesses are also grappling with these threats, civilian infrastructure is a prime target for both independent hackers and foreign powers looking to steal sensitive consumer or proprietary data.
Assessing the modern threat landscape
Government agencies like the Department of Defense and facilities that are considered a core part of U.S. infrastructure have started taking actions to secure their operational technologies against emergent threats. One reason for this shift in priorities is that internet-accessible OT assets are more prevalent than ever before, largely due to the push for remote operations and decentralized workforces. In fact, research from Gartner suggests the total number of internet-connected devices will reach 20 billion by the end of 2020. That said, facilities that still rely on legacy OT are equally at risk, as traditional IT systems were not designed to defend against most cyberthreats. According to the CISA and NSA, these conditions can create a "perfect storm" of vulnerabilities, leading to poor access controls for unsecured assets and a higher risk of targeted attacks.
Although managing civilian infrastructure comes with unique demands, many of the attack vectors used by hackers are similar to those leveraged against businesses. The joint alert from the NSA and CISA pointed to six commonly observed tactics that IT administrators must consider:
- Spear phishing scams
- Ransomware attacks
- Exploiting poor authentication methods
- Leveraging commonly used ports and standard application layer protocols
- Infiltrating vendor engineering software and application downloads
- Modifying control logic and parameters on PLCs
The impact of these vulnerabilities varies from one security incident to another, but many organizations can expect to see a sharp drop in the availability of their OT assets and a decrease in employee productivity. The longer it takes for IT administrators to detect and mitigate a cyberthreat, the higher the potential for revenue losses and unplanned downtime. Considering that civilian infrastructure - transportation systems, airports, telecommunications, etc. - plays a key role in the everyday lives of countless people, it's crucial for government agencies and essential facilities to reduce their exposure to external threats.
Improving the security of critical OT assets
Integrating new security tools and asset monitoring platforms may seem like an easy fix to the cybersecurity challenges brought on by COVID-19, but true adaptability is built on careful response planning. In their joint security alert, the NSA and CISA emphasized the need for OT resilience plans that provide end-to-end guidance following a cybersecurity incident. IT administrators must be able to immediately disconnect their systems from the internet and remove "additional functionality" that could expand their facilities' attack surface. By identifying system and operational dependencies before an attack has occurred, organizations can restore their OT devices in a timely manner without introducing new vulnerabilities into the mix.
Another key defensive practice is network hardening, whereby IT administrators eliminate as many security risks as possible by removing non-essential software and applications from key workstations and control servers. This often involves both technology-driven controls and end-user awareness training - by ensuring all employees with access privileges understand cybersecurity best practices and the tools at their disposal, organizations can meaningfully reduce their attack surfaces. This is particularly important for environments that rely on IoT devices, which are highly vulnerable to brute-force attacks and malware, Trend Micro noted. To offset the risk of targeted OT attacks, IT administrators should:
- Keep all internet-accessible systems and devices fully patched
- Segment networks to protect critical PLCs and workstations
- Integrate virtual private networks with strong encryption capabilities and multi-factor authentication
- Filter network traffic and incorporate "geo-blocking" to proactively control users' access privileges
- Update the login credentials of all IoT devices to eliminate default usernames and passwords
- Disable unnecessary features, such as discovery services, remote management protocols, virtual desktops, etc.
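As an added illustration (not code from Perle, the NSA or CISA), the checklist above can be applied mechanically to an asset inventory so that the riskiest devices surface first. The inventory, field names and port list below are constructed assumptions for the example; a real audit would pull them from asset-management or scan data.

```python
"""Audit a constructed OT asset inventory against the hardening checklist."""
from typing import Dict, List

# Ports for common OT protocols and remote-management/discovery services that
# should not be reachable from the internet (illustrative list, an assumption).
RISKY_PORTS = {
    23: "telnet", 102: "siemens-s7", 502: "modbus", 3389: "rdp",
    5900: "vnc", 20000: "dnp3", 44818: "ethernet-ip", 1900: "ssdp-discovery",
}
REMOTE_MGMT_PORTS = (1900, 3389, 5900)  # "unnecessary features" on OT hosts

# Constructed sample inventory; these are not real devices.
INVENTORY: List[Dict] = [
    {"name": "plc-pump-01", "segment": "ot-control", "internet_exposed": True,
     "open_ports": [502, 23], "default_creds": True, "patched": False,
     "vpn_mfa": None},
    {"name": "hmi-gate-02", "segment": "ot-control", "internet_exposed": False,
     "open_ports": [5900], "default_creds": False, "patched": True,
     "vpn_mfa": None},
    {"name": "vpn-gw-01", "segment": "dmz", "internet_exposed": True,
     "open_ports": [443], "default_creds": False, "patched": True,
     "vpn_mfa": False},
]


def audit_asset(asset: Dict) -> List[str]:
    """Return checklist findings for one asset (empty list means compliant)."""
    findings = []
    if asset["internet_exposed"]:
        for port in asset["open_ports"]:
            if port in RISKY_PORTS:
                findings.append(f"{RISKY_PORTS[port]}/{port} reachable from the internet")
        if asset["segment"] == "ot-control":
            findings.append("control-segment device directly internet-exposed; segment it")
    else:
        for port in asset["open_ports"]:
            if port in REMOTE_MGMT_PORTS:
                findings.append(f"unnecessary remote-management/discovery service on {port}")
    if asset["default_creds"]:
        findings.append("default username/password still in use")
    if not asset["patched"]:
        findings.append("missing vendor patches")
    if asset["vpn_mfa"] is False:  # None means the asset is not a VPN endpoint
        findings.append("VPN gateway without multi-factor authentication")
    return findings


def audit_inventory(inventory: List[Dict] = INVENTORY) -> Dict[str, List[str]]:
    """Map each asset name to its findings, worst-exposed assets first."""
    report = {a["name"]: audit_asset(a) for a in inventory}
    return dict(sorted(report.items(), key=lambda kv: len(kv[1]), reverse=True))
```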
Beyond these administrative controls, government agencies and essential facilities should also look for opportunities to improve their networking infrastructure. Perle offers industrial-grade connectivity tools that can help organizations build and maintain secure private networks. Our Ethernet switches are specifically designed to connect with OT devices operating in extreme conditions, making them ideal for public transportation and safety systems, outdoor installations and harsh manufacturing environments.
To learn more, read some of our customers' success stories.