By Graham Bushkes
The geopolitical climate has far-reaching implications for cybersecurity. Warnings from governments, including those of the Five Eyes, indicate that situations like the Ukraine conflict could still result in increased cyber-attacks for all nations. Critical infrastructure powered by operational technology (OT) is among the targets of interest.
OT systems control the critical infrastructure that nations depend on— water and sewer systems, power plants and the electrical grid, transportation, and manufacturing. We rely on OT systems to keep our communities and economy humming. And Fortinet’s 2022 State of Operational Technology and Cybersecurity Report found that security efforts must ramp up to protect OT systems against rising threats.
Once air-gapped from IT systems, digital transformation paved the way for OT systems to converge with IT – making them increasingly vulnerable to cyberattacks. The 2022 report findings support this, with 90 per cent of OT organizations having experienced an intrusion in the past year and 78 per cent experiencing more than three.
The report was based on a survey of over 500 global OT security professionals. While it indicates that some limited progress has been made, much more must be done to fully protect the industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices that control and monitor key infrastructure.
The report highlights the best practices of the few organizations that emerged relatively unscathed by cyberattacks in 2022. These best practices offer a roadmap for all OT organizations focused on securing their mission-critical systems and improving their security stance.
Make security matter. The most successful organizations in the survey were more likely to have prioritized security by listing vulnerability response time as a top success metrics. These same organizations are also 44 per cent more likely to track and report intrusions as they are detected and remediated.
Security is also top of mind for their executive level, with this group 48 per cent more likely to report security issues to the executive leadership. It makes sense that organizations prioritize OT security as it tends to impact the bottom line. In fact, nearly half of the organizations surveyed suffered intrusions that resulted in a productivity-hit and one-third saw revenue, data loss, compliance, and brand-value impacts.
Visibility means vigilance. Top-tier organizations are 32 per cent more likely to have their security operations centers (SOCs) monitor and track OT security. Traditionally, programmable logic controllers (PLCs)—the brains of any industrial control system (ICS) or OT system rarely verified the authenticity of message senders, and controller communications had zero encryption capability. Now, industrial processes connect to IT systems, delivering enhanced productivity, efficiency, responsiveness, and profitability, but also increase risk.
Organizations that managed to avoid intrusions in the past 12 months were more than likely to have a network access control system such as FortiNAC in place. This cutting-edge security tool ensures only authorized people can access critical systems and digital assets.
End-to-end visibility of OT systems is another hallmark of the top performers – the six per cent that didn’t experience an intrusion. This rarified group was three times more likely to have achieved centralized visibility. One way OT organizations can achieve this, is through the adoption of a mesh platform approach like the Fortinet Security Fabric, which offers centralized visibility across OT and IT systems.
Control complexity: Finding the right vendor to provide that visibility is always a challenge. The report found that a vast majority of organizations use between two and eight different security vendors for protecting their industrial devices of which they have between 100 and 10,000 devices in operation. This complexity can challenge security teams as they juggle vendors and chase gaps in their cyber defense.
Of the organizations in the survey that experienced 10 or more intrusions – the bottom performers – none were using just one vendor for their IP-enabled OT devices. This difference demonstrates how integrated security solutions can help security teams reduce their organization’s attack surface and improve their security posture.
These best practices demonstrate the path any business must take to successfully secure their operational technology (OT) systems. By investing in their security efforts, leveraging new technologies such as predictive behavior, orchestration, and automation technologies to establish true zero-trust access and defend against threats coming from malicious and well-meaning insiders, external cybercriminals, and state-sponsored attackers.
Graham Bushkes is Vice President Sales Canada, Public Sector and Channels at Fortinet