Will Catastrophic Loss Drive OT/IT Convergence?
Cyberattacks on strategic infrastructure are increasing in frequency and sophistication, escalating risk and compliance issues for industrial and sovereign operators. This makes it imperative for OT (operational technology) and IT (information technology) teams to work together to protect these assets and the trove of data they produce.
But will it take catastrophic loss for this convergence to occur?
Digital transformation has spread to every industry and government agency with the promise of analytics-driven payoffs in cost efficiencies and operational intelligence. This transformation, however, opens an unprecedented number of attack surfaces and threat vectors, as disparate and legacy systems join newer IIoT (Industrial Internet of Things) devices being connected to the Internet.
Gaping holes in data quality and integration with IP/TCP (Internet Protocol/Transmission Control Protocol) networks and their fragmented security layers leave both industrial control systems (ICSs) – and the IP data infrastructure they are increasingly interfacing with – vulnerable to debilitating attacks. These attacks can range from disrupting production facilities and supply chains to crippling vital services and safety systems.
The consequences can be severe: financial losses, regulatory fines, reputational damage, loss of control over critical infrastructure and services, and health issues, including environmental harm and loss of lives.
Cyberattackers, particularly those acting for sovereign states, are principally motivated by disruption, disablement and control; unlike criminal hackers, they treat data or financial theft as secondary. Attackers can use search tools such as Shodan to identify vulnerable devices. In the digital age, the aftermath of a full-blown cyberattack may dwarf the devastation wreaked by conventional warfare.
A Higher Purpose for Convergence
The DevOps movement emerged nearly a decade ago on the premise that continuous incremental improvements would result in higher-quality code, driving cost and productivity benefits from faster release cycles. At the time, many doubted that developers and operations teams could work effectively together. Today, DevOps is mainstream. And the benefits from OT and IT convergence are being realized by many organizations.
The stakes for OT/IT convergence are substantially higher. Speed and cost efficiencies are certainly desired outcomes. But the primary focus must be on cybersecurity to protect critical infrastructure based on a zero trust mentality.
Smart buildings have no walls. They leverage pervasive wireless connectivity, sensors and IoT technologies to communicate and analyze data that is used to control and optimize building management and the ICSs within them. It is these same technologies that open vulnerabilities when building automation systems are linked with the Internet.
Interoperability among smart building elements is challenging enough. OT security was never designed to interoperate with IP/TCP data networks that ran the rest of the enterprise. The separation was deliberate. Cyber hackers have already launched successful attacks on industrial networks by exploiting connected sensors and gaining access to physical infrastructure.
As a result, applying IT security directly to the OT environment can cause disruptions in equipment and devices. This can lead to self-inflicted denial of service, as companies take facilities offline once elements in the system become inaccessible. In most environments taking systems offline is untenable; for IIoT devices such as jet engines or hospital ventilators, it is impossible.
Today, ICS security systems need to be integrated with IT security if cybersecurity objectives are to be met. As with DevOps, this convergence can only be achieved in an environment of communication, collaboration and trust.
A Different Approach to Cybersecurity
A topography of systems assets and interrelations is a necessary first step. OT and IT teams are familiar with their own infrastructures and software. But each needs to have a fundamental understanding of the other’s respective stacks, and how changes can impact both.
In the case of the OT teams, it is the OSI model they have to learn. In the case of the IT teams, it is the Purdue model. Deeper understanding of the interrelationships between layers in the stacks will enable converged teams to take a more holistic approach.
Visibility into traffic traversing both ICS and IT networks is clearly critical. But given forecasts of up to 75 billion devices being connected to the Internet by 2025, AI-based systems with advanced machine learning and analytics capabilities will become table stakes in cybersecurity defenses.
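As an added illustration of the two steps above (example code, not from the article or its author), the Python sketch below keeps a small asset topography keyed to Purdue levels and checks observed flows for ones that cross the OT/IT boundary without passing through the industrial DMZ, or that involve a host the inventory has never seen; every host, level and flow record is constructed.

```python
# Added example (not the article's own code): Purdue-level asset topography plus a
# conduit check on constructed flow records; all hosts and levels are illustrative.
from dataclasses import dataclass
# Purdue levels: 0-1 field devices and controllers, 2 supervisory (HMI),
# 3 site operations, 3.5 industrial DMZ, 4-5 enterprise IT and Internet.
ASSETS = {
    "10.10.0.5":   ("PLC-Line1",      1.0),
    "10.10.1.20":  ("HMI-Line1",      2.0),
    "10.10.2.10":  ("Historian-Site", 3.0),
    "10.20.0.7":   ("DMZ-Relay",      3.5),
    "10.30.4.12":  ("ERP-Server",     4.0),
    "203.0.113.9": ("Internet-Host",  5.0),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def level_of(ip):
    entry = ASSETS.get(ip)          # None means the host is not in the topography
    return None if entry is None else entry[1]

def flow_violations(flows):
    """Return (flow, reason) for flows that skip the DMZ or touch OT from an unknown host."""
    findings = []
    for f in flows:
        ls, ld = level_of(f.src), level_of(f.dst)
        if ls is None or ld is None:
            known = ld if ls is None else ls
            if known is not None and known <= 3.0:   # uninventoried peer reaching OT
                findings.append((f, "uninventoried host communicating with an OT asset"))
            continue
        lo, hi = min(ls, ld), max(ls, ld)
        if lo <= 3.0 and hi >= 4.0:                   # OT <-> IT with no Level 3.5 hop
            findings.append((f, f"level {lo} to level {hi} bypasses the industrial DMZ"))
    return findings

# Constructed flow records, as a passive network monitor might export them.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.10.1.20", 502),    # PLC <-> HMI: expected
    Flow("10.10.2.10", "10.20.0.7", 443),    # historian -> DMZ relay: expected
    Flow("10.20.0.7", "10.30.4.12", 443),    # DMZ relay -> ERP: expected
    Flow("10.10.1.20", "203.0.113.9", 443),  # HMI straight to the Internet
    Flow("10.30.4.12", "10.10.0.5", 502),    # ERP straight to a PLC
    Flow("10.10.9.99", "10.10.0.5", 502),    # host nobody inventoried -> PLC
]
if __name__ == "__main__":
    for flow, reason in flow_violations(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```

The three flagged flows are exactly the cases the text warns about: an OT asset exposed to the Internet, enterprise IT reaching a controller directly, and a device missing from the topography.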
The benefits of the Fourth Industrial Revolution (4IR) have the potential to be as transformative as – if not more so than – its predecessors. But unlike the commodities that fueled prior revolutions, data poses unique challenges.
Today’s network complexity is a challenge not only to humans, who are so inundated with alerts and false positives that many get overlooked; integration and data quality challenges will also tax current cybersecurity technologies.
Converged OT/IT teams can ensure stronger defenses in the face of challenges posed by external cyberattacks, outmoded network and edge security, and internal data misuse by either ambivalent or malicious insiders. As ICS platforms interface more securely with IT systems, organizations can realize the benefits of improved asset management and operational visibility across converging OT/IT infrastructure.
My next blog will look at different approaches to protecting critical infrastructure in this convergence, including microsegmentation and the Host Identity Protocol (HIP).
This article was written by Gabriel Lowy, the Founder & CEO of TechTonics Advisors.