A Guide to Securing Critical Infrastructure & OT

  /  ICS Security   /  Cybersecurity   /  A Guide to Securing Critical Infrastructure & OT
critical infrastructure

A Guide to Securing Critical Infrastructure & OT

2021 saw several attacks on critical infrastructure, which resulted in the U.S. government pivoting to issue directives intended to address cyber protection and readiness. Unlike enterprise IT, OT organizations have little to no flexibility when it comes to downtime – availability is crucial.

Attacks against OT systems and critical infrastructure can have dire consequences for the lives and safety of both workers and consumers. For countless health and safety reasons, it’s vital to keep critical infrastructure running and secure. Despite this fact, the Fortinet 2021 State of Operational Technology and Cybersecurity survey found that 9 out of 10 OT organizations experienced at least one intrusion in the past year. The problem is that because IT and OT networks are increasingly interconnected, almost any access point could be a target to gain entry to the corporate infrastructure.

What is OT Security?

OT (Operational Technology) Security refers to the practices and measures put in place to safeguard the operational technology systems and networks used in industrial and critical infrastructure environments. Unlike traditional IT (Information Technology) security, which primarily focuses on protecting data and information systems, OT security is concerned with safeguarding the physical equipment and processes that are essential for the functioning of industrial operations.

OT Environments Are Prime Targets for Ransomware

It is clear that attacks on OT infrastructure are not going to slow down. Among the OT organizations that participated in the survey, 58% reported phishing attacks, up from 43% the previous year. There also was an increase in insider breaches at 42%, which is up from 18% last year.

But that’s not all. The situation with ransomware has become worse, as well. According to a FortiGuard Labs Threat Research report, ransomware incidents increased nearly eleven-fold from 2020 to 2021. In OT, ransomware attacks aren’t just inconvenient and financially disturbing – they can also be extremely dangerous. And now that malicious cyber actors have carried out successful attacks on OT systems and critical infrastructure, they’re scaling it. Cybercriminals have figured out that profit from successful attacks is but a single campaign angle, as they can likewise profit from the reuse of tactics, techniques, and tools. Now, they resell their malware online as a service. In the past, only those with specialized knowledge had the skills to attack an OT system, but today, all an enterprising attacker needs is to buy an OT attack kit on the dark web.

Strategies to Securing OT Critical Infrastructure

The impact and consequence of attacks targeting OT platforms this year have been severe. Cybercriminals are determined and persistent, so staying ahead of threats demands a multifaceted approach. Clearly, OT organizations need to double down on implementing cybersecurity best practices.

Network visibility is a key component of any security strategy, but OT systems also require control and containment within the infrastructure to reduce the damage from an attack. Because of this, OT organizations should incorporate zero trust access (ZTA) into their security strategy. The zero trust network model ensures that an individual, application, or device only has access to the resources they need to perform their specific role or function and nothing more. ZTA strictly limits the range and level of engagement. This way, if a role or access privileges are compromised or behaviors are suspect, an attacker’s access to the OT network is restricted. OT organizations also should proportionally invest in behavioral analysis methods to quickly detect and neutralize any suspicious behavior.

OT Security Challenges Ahead Demand a Platform Approach

The dynamic security landscape and the threat challenges associated with IT and OT convergence are creating new challenges for OT organizations. To effectively secure critical infrastructure, CISOs require solutions that can span their entire IT and OT network environments with solutions that meet the needs of both sides of their organization. The OT Threat Landscape This Year

Further, to gain complete enterprise visibility and control, OT organizations must deploy cohesive solutions across their converging IT and OT networks. A platform approach is essential for OT organizations since their security considerations must extend beyond the on-premises system. They must also cover the operating system, the network infrastructure, and take the increased dependence on enabled Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices into account.

OT organizations should put a proactive cybersecurity strategy in place with a focus on visibility, control, and behavior analysis. To safeguard critical OT systems, every point of connection to the outside world must be protected. After all, cybercriminals certainly aren’t going to let up in 2022, and neither should you.

Originally this article was published here.


About The Author

CISO Operational Technology North America

Rick brings the Fortinet OT-CI team more than 37 years of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency ...