Three Steps Towards a More Secure OT Infrastructure

Years ago, the biggest concern from the plant floor was that an employee-made mistake would cause a problem that would halt production. More recently, the increase in external cyberattacks has forced organizations to split focus, allocating resources towards both internal management and defense against external malicious actors.

As the damage caused by cyberattacks became more visible, the general attitude toward cybersecurity changed. But, even though attacks are more commonly recognized as a threat, too many still believe it could never happen to them. A shocking number of organizations fall into the trap of thinking they’re too small of a fish to be worth the hassle of a cyberattack. Or worse, believe that because they are so big and have so many security systems in place, they are completely protected.

The unfortunate and unwavering truth is that no organization on the planet is completely safe. Hackers have changed, and too many organizations are playing defense without understanding their adversaries. The notion that the majority of hackers are working on their own out of their parent’s basements is long gone. Instead, we’re seeing a rise of malicious actors who are creative, well-funded, and quite willing to spend the time to launch an attack based on unique network vulnerabilities. From nation-states to adversarial “Hacker Groups,” today’s cyberattacker is an expert in their craft – and their tactic of choice is ransomware.

The ransomware itself is nothing new, but the volume of attacks, and resulting payouts, is certainly on the rise. Findings from CyberEdgeGroup showed that “A record 71% of organizations were impacted by successful ransomware attacks last year, according to the 2022 CDR, up from 55% in 2017. Of those that were victimized, nearly two-thirds (63%) paid the requested ransom, up from 39% in 2017.”

This tactic was designed to completely halt operations until the attacker has been paid, which can create huge problems for IT networks, but creates worst-case scenarios for Operational Technology (OT) operations — and that’s why it works. Companies are paying millions to get control of their operations back because networks weren’t up to the challenge in front of them.

What’s Holding Us Back?

From manufacturing to critical infrastructure, executives consider the best solution to be one that will provide the visualization to protect systems from cyber incidents with no impact on uptime.

Unfortunately, the premise of this ideology is flawed. First, any time security is implemented on top of a control system, there is a risk of stopping production. Second, while there are many products that will offer visualization into the network, many will also introduce new risks by changing the network or adding features such as sensors that can be compromised.

Organizations are turning to SDN in response to management’s ask for more visualization into the network. While many solutions on the market will give you that inside look into your network, in the world of SDN the only changes to your network are in the way it is managed. So, instead of having 250 switches dispersed across the plant that need to be individually controlled, users can get a real-time look at what’s going on in the network in one unified environment.

The other piece of the puzzle that many IT solution providers neglect is control. Visibility without the ability to act is pretty useless when it comes to preventing malicious attacks. The virtue of SDN is that it not only provides the visibility that executives are asking for but also supports real-time control of every switch on the network.

In legacy OT systems, establishing network management protocols and maintaining an effective security infrastructure is far more complicated than that in the IT world. Networks are more fragile, expensive, and typically built upon legacy equipment that needs much more than a quick patch to mitigate a vulnerability.

Managing these networks is often accomplished by expensive, complex solutions that are difficult to learn, difficult to deploy, and difficult to manage over time. The industry-wide shortage of cyber education, and the resulting shortage of cyber-aware OT personnel, have made effective and vigilant network management seem incredibly daunting – but that doesn’t have to be the case. Ease of use is critical and when in doubt, enterprises should abide by the 15-minute rule – if it takes more than 15 minutes to explain how to manage and secure your network, something has gone wrong.

Accommodating the need for visibility and control, while trying to operate with minimum risk of downtime, has been a prohibiting force that has allowed OT operations to continue operating with sub-par cybersecurity, despite the elevated threat climate. The resolution to the problem as a whole can be summed up by establishing a bespoke, proactive, and automated approach to OT cybersecurity.

  1. Establishing a Secure Infrastructure for the Future

While multi-billion dollar businesses are on the front foot of cybersecurity adoption, smaller and mid-sized companies are falling behind, leaving themselves vulnerable to sophisticated cyberattacks that can take their operations offline for days.

The most effective strategy for long-term success is to simplify and streamline the process of maintaining and securing operational networks. This means investing in technology that reduces complexity, and implementing switches to the point that managing an OT network can be accomplished by someone without an advanced degree in cybersecurity.

The journey toward establishing an effective cybersecurity strategy will look different for every organization based on its needs, values, and priorities. The basic roadmap, however, can look the same.

  1. Identify pain points and concerns

Each operation has unique needs that change over time. While user error might have been the greatest threat in the early 2000s, that concern may not even crack an organization’s top 5 concerns today. Before making any moves towards a security infrastructure change, it’s important to answer key questions mean such as:

  • What’s keeping you up at night?
  • What is your worst-case scenario?
  • Where are you most vulnerable?
  • What will a network outage actually cost?

By identifying specific pain points and concerns, you will be in a stronger position to find a vendor who can provide the support you actually need.

  1. Determine the Real Cost of Ownership

The cost of many solutions on the market today makes cybersecurity seem like an unaffordable luxury – but the cost of ownership may extend way beyond your invoice.

75% of a typical OpEx network budget is dedicated to network visibility and troubleshooting, but much of the downtime is attributed to manual processes and human intervention. Simplifying these processes through automation allows for more rapid changes and more accurate visibility into networks with significantly reduced downtime.

When looking at purchasing a one-off or subscription model cybersecurity offering, the price tag isn’t the only thing you should consider. The cost of training staff, cost of updating systems, and of course, the cost of downtime during a ransomware event, should be taken into account when considering the total landed cost of your new solution. In many cases, initial investment saves millions in the long run.

Find Your Team

It’s no secret that the tech industry is facing a serious lack of qualified talent. In fact, in a recent Gartner report workforce shortages were listed as the most significant barrier to the adoption of 64% of emerging technologies, ahead of cost and security.

Without the internal resources to manage an effective cybersecurity infrastructure, businesses must prioritize vendor relationships and explore strategies such as consolidation and automation that maximize the support available. During this process, it’s vital to select a vendor who spends more time listening to your needs and concerns than selling you on a solution. Find the team that aligns with your values and can integrate security into your ongoing operations.

This article previously appeared in the November 2022 issue of Cyber Defense Magazine.

Share

You Might Also Like...

IT Support by SADOSSecure, Fast Hosting for WordPress