OT networks were under increasing attack last year, according to Skybox Security’s recently published 2019 Vulnerability and Threat Trends Report. In this blog, we’re examine why such attacks are on the rise, identify the roadblocks standing in the way of much-needed progress and give advice about how you can secure your OT network.
OT Networks Increasingly Targeted by Cyberattackers
A steady increase in OT attacks should raise significant concerns for security professionals. The report highlights how 41 percent of ICS computers were attacked at least once in the first half of the year: a five-point rise on statistics gathered over the same period in 2017. Knowing how critical OT networks are, and how prized OT attacks are in the minds of nation states, cybercriminals and hackers alike, this increase will pile more pressure on security teams to improve OT network protection. Considering how notoriously difficult these networks are to secure, this will be no mean feat.
Technological advancements have increased the number of ingress and egress points in connected OT systems. With poor visibility of the environment and a lack of oversight from security teams, OT networks are ripe for attack. 2018 saw a 10-percent increase in the number of attacks over the previous year, and the situation is unlikely to improve in 2019. If history is any indicator, it’s going to get worse.
Why Are OT Networks So Vulnerable?
For decades, OT systems have leveraged the benefits of IT connectivity to control and monitor devices. But all too frequently, such environments and the devices within them were set up without strong security measures, elevating risk and allowing it to pass between the IT and OT networks, weakening the security of both.
A 2018 report from CyberX revealed that 40 percent of industrial sites around the world have at least one system directly connected to the internet. The report also exposed how most of these sites are ill-prepared to deal with online exploits. 69 percent of these organizations use SNMP v1, 2 and 2c plaintext passwords within their networks. Although the use of these protocols is often necessitated by older ICS devices which cannot be upgraded to SNMP v3 or SFTP, it’s still true that critical elements of OT networks are left open to attack.
Why is Security in OT Networks Such a Challenge?
More and more CISOs are being tasked with getting a handle on securing their organization’s OT networks. It’s no small task, and comes with many challenges:
- Visibility due to scale, complexity and oversight powers leaves many OT networks in the dark
- Legacy technology is rife in OT networks, with some incapable of taking on modern cybersecurity practices (e.g., passwords, encryption)
- The proliferation of the industrial internet of things (IIoT) has introduced a new, large and varied class of technology that has introduced its own security problems (e.g., devices with hardcoded weak or generic passwords)
But the biggest challenge CISOs face is in the nature of the OT network itself: its number one concern is uptime. The effects of this focus can be felt most acutely in vulnerability management. Due to the disruption it may cause, active scanning is prohibited, thus many organizations without a passive option simply are unaware of the vulnerabilities present in OT. Similarly, patching windows are few and far between, as the importance of taking a machine offline to test and install a patch is often a distant second to the machine’s all-important uptime.
So, there’s a stalemate. If the CISO is unable to communicate just how important it is to install a patch — or implement a mitigation measure — then the technology will continue to remain vulnerable.
5 Ways to Protect Your OT Networks
No matter the challenge, the buck for OT network security stops with the CISO. It’s their responsibility to holistically manage risk throughout the entire organization. In order to achieve this, businesses with OT networks must:
- Passively collect data from the networking and security technology within the OT environment
- Build an offline model encompassing IT and OT to understand connectivity and how risks could impact either environment
- Use purpose–built sensors to passively discover vulnerabilities in the OT network
- Incorporate threat intelligence and asset exposure to prioritize OT patches
- Leverage the model to identify patch alternatives to mitigate risk when patching isn’t an option
The threat to OT network is just one of the focuses of the 2019 Vulnerability and Threats Trends Report. Keep an eye on the Skybox View for more insights or download your copy of the report today.
Attacks on Cloud Networks Likely to Increase in 2019: Skybox’s Vulnerability and Threats Trends Report highlighted cloud vulnerabilities as raising particular concern – we explain why in the blog
Zero-Day Attack on Russia Prompts OOB Patches: How Microsoft and Adobe scrambled to fix an exploit in Flash Player