Have you ever daydreamed about cruising the streets in a sleek Tesla? Well, who hasn’t, right? Picture yourself behind the wheel of that cutting-edge electric marvel. But here’s a chilling thought: What if your dream ride could be hijacked without anyone even laying a finger on it?
Imagine hackers having the power to control physical things, like making a self-driving car stop, locking up a city’s water system, or messing with medical devices inside people’s bodies. It might sound like a movie plot, but it’s not science fiction. These cyber-physical attacks are very real, becoming a bigger worry as the tech evolves.
There used to be a clear line between Operational Technology (OT) and Information Technology (IT): IT was all about data – collecting, analyzing, and showing it to people. On the other hand, OT deals with the real world, like making machines work in factories. Until recently, OT systems functioned in isolation, without any connection to the internet, known as being “air-gapped.” This technical term was popular in the OT field due to the assurance of safety and reducing the chances of downtime, major concerns in the OT industry. But the emergence of the Internet of Things (IoT) has compelled the OT sector to gravitate towards online-based technology. Read more about IT/OT Convergence: How Smart is Your Factory?
This shift has consequently amplified the likelihood of cyberattacks targeting OT systems, and correspondingly, the IT industry is also susceptible. Therefore, the convergence of IT and OT extends the range of potential targets for hackers, resulting in a higher attack surface for both the operations environment and the data center. According to the US Cybersecurity and Infrastructure Security Agency (CISA), “The adoption and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices has led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.”
IT/OT Convergence and The Rise of Cyber-Physical Threats
The evolution of cyber technology has given rise to a new form of threat called “cyber-physical attacks.” While traditional cyber attacks focus on accessing confidential information from computer systems, cyber-physical attacks can direct hacked devices to perform deliberate actions with real physical consequences. These attacks have wide-ranging applications, with vulnerable devices encompassing anything from construction equipment to autonomous vehicles to voting machines. Once compromised, these devices can be used to cause infrastructure damage or even change voting outcomes.
Moreover, with the proliferation of the Internet of Things (IoT), a cyber attack on one device can lead to downstream errors in the data sent to other devices and create compounding errors that lead to a full-scale system failure. In fact, in a cyber-physical attack in Ukraine in 2016, cybercriminals targeted several power distribution centers, leading to unprecedented power outages for hundreds of thousands of residents. Had a similar attack occurred in a larger country, the consequences could have been far worse, given that several grid control systems lack manual backup functionality. Therefore, adopting preventive measures to defend against cyber-physical attacks is critical. Manufacturers of connected devices, software developers, and network providers must work together to protect end-users from potential breaches.
In a cyber-physical attack in Ukraine in 2016, cybercriminals targeted several power distribution centers, leading to unprecedented power outages for hundreds of thousands of residents. Had a similar attack occurred in a larger country, the consequences could have been far worse, given that several grid control systems lack manual backup functionality.
How Can Enterprises Navigate These Security Risks?
As the convergence of IT/OT becomes a reality, the protection once provided by air gaps between the two systems is no longer sufficient against external attacks. Cybercriminals and hostile nation-states pose a significant threat to the security of systems in converged environments. As such, implementing best practices is crucial to reduce this risk.
To begin with, the security team must undertake the important task of carefully identifying, classifying and inventorying all systems on the network. This process can be highly time-consuming; however, technology is available to assist with this aspect of the task. Once visibility is achieved, the security team must map the communication linkages between enterprise applications and OT systems. Understanding the necessary interactions for administration functions and patching requirements is essential.
Enforcing logical segmentation in IT/OT environments is critical to prevent attackers from moving laterally across the system via ransomware or stolen credentials. Segmentation forms the core element of IT/OT security, and it can at least decrease the blast radius of an attack, prohibiting it from reaching an essential database or other vital component.
Familiar IT security practices must be implemented in OT environments to support sufficient security measures. For example, the security team must ensure that all vulnerable or outmoded OT equipment is correctly patched and updated, even though this may be manual. Besides, monitoring the misconfigurations on both IT and OT systems is vital to minimize compromise on one system from propagating to the other.
Wrapping Up
The convergence of IT and OT enhances efficiency, cuts costs, and elevates profitability. But, it also unfurls the potential for peril. With the fusion of these worlds, new entry points emerge, ripe for exploitation – a potential breeding ground for grave security breaches. So, as businesses embark on this transformative journey towards IT/OT convergence, there’s a vital lesson to heed. Robust security measures are non-negotiable. It is no more a “nice to have.” It is a “must-have.”
____________
Written By: Poorva Saga
