The Colonial Pipeline cyberattack brings operational technology (OT) security strategies to the forefront. According to a CSO article, it’s the lack of visibility into the security status of OT systems that likely forced the shutdown of the company’s pipeline operations. The significance of this cyberattack should have all critical infrastructure, services (hospitals, governments), and manufacturing companies (food production) re-evaluating their OT security strategies.
IT vs OT security
Traditionally IT and OT are managed separately. While information technology focuses on computer technology and managing data, operational technology focuses on technology used for monitoring/controlling industrial equipment, assets, processes, and events. Think of OT as devices that control the physical world (power grids, machinery, pipelines). This includes supervisory control and data acquisition (SCADA), industrial control systems (ICS), and distributed control systems (DCS).
In the past, OT systems were closed systems and not connected to the public internet. They could only be accessed using secure terminals. That has all changed with the growth of Industry 4.0, digital transformation and IoT. Today, OT systems are connected using sensors, big data, and analytics. While this helps drive efficiencies, it also creates new security risks.
With a more connected and integrated OT strategy, there are more places where risk can arise. Remote workers, contractors, and third-party partners need remote access to these systems to perform daily maintenance and other functions. Remote access is provided through VPNs, which create significant security risks. They are designed to trust whoever enters the network and don’t provide the monitoring or access controls required for OT systems. To further complicate things, remote workers are using home networks and personal devices, which are inherently less secure.
Hackers know these vulnerabilities and experts have warned critical infrastructure companies of the potential risk. If malicious actors gain access to your network and privileged credentials, they can move undetected through OT systems and change configurations, control equipment, and potentially harm workers or entire communities they serve.
OT Security Best Practices
When it comes to securing OT systems, managers need to evaluate their risk and build a strategy for securing their operational systems. Begin with these best practice tips:
- Increase Visibility into OT Systems – Companies need better visibility into their OT and industrial control systems to secure them, maintain them and quickly isolate potential security incidents. This technology is available for IT systems but not as readily used on OT systems.
- Update Software and Hardware Patches – Many OT systems have been in place for years or even decades, so it’s important to make sure you have implemented any and all system updates or patches. This includes IoT devices.
- Always Back-Up Systems – Ransomware attacks are designed to block access to data and systems unless a company pays a ransom. Having a secure backup solution for your OT systems and devices will not prevent attacks but it helps to mitigate their impact. You will be able to restore systems and minimize downtime.
- Password Management for IoT – While companies have strict password policies for users, these policies don’t always apply to servers, applications, and IoT devices. Many companies use the default password that comes with these applications or devices. Companies need to secure these passwords and manage them in a password vault.
- Zero-Trust Remote Access – Companies need to implement zero-trust remote access strategies that “never trust, always verify” anything and everything connecting to the network before granting access. To do this, companies can replace VPNs and use a secure remote gateway that brokers access using HTTPS to specific resources. Remote gateways work by securely locking a company’s OT systems behind its firewall, forcing users to use the gateway to access critical assets. Access can then be verified, managed, and monitored through privileged credentials.
- Implement Privileged Access Management Software – OT systems require privileged credentials that have a higher level of access to systems and data. These credentials are used by privileged users and by machines, IT systems, or cloud software for intercommunication. Privileged access management software helps you secure, manage and monitor your privileged credentials. This includes IT, OT, IoT devices, and cloud-based applications used in digital transformation. PAM software helps you identify the privileged accounts and ensure all IoT / machine credentials are secure, authenticated, and rotated. This will help lower the risk of being impacted by advanced threats through unsecured IoT. PAM software can also alert management to suspicious activity on OT systems.
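To illustrate the difference between network-level VPN trust and a gateway that brokers access to specific resources, here is an added Python example (not code from Xton or XTAM). The user names, asset names, time windows and function names are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str            # one specific OT asset, never a whole subnet
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    mfa_verified: bool       # result of identity verification at the gateway
    at: datetime

def utc(y, m, d, h):
    return datetime(y, m, d, h, tzinfo=timezone.utc)

# Constructed sample policy: a contractor gets one PLC for one maintenance window.
GRANTS = [
    Grant("contractor-a", "plc-pump-07", utc(2024, 5, 1, 8), utc(2024, 5, 1, 12)),
    Grant("ops-engineer", "scada-hmi-01", utc(2024, 1, 1, 0), utc(2025, 1, 1, 0)),
]
AUDIT_LOG = []  # every decision is recorded, allowed or denied

def vpn_style_allows(req, on_network=True):
    """Network-level trust: once on the network, every resource is reachable."""
    return on_network

def gateway_decide(req, grants=GRANTS, audit=AUDIT_LOG):
    """Default deny: allow only a verified user holding a live grant for this asset."""
    if not req.mfa_verified:
        allowed, reason = False, "identity not verified"
    elif any(g.user == req.user and g.resource == req.resource
             and g.not_before <= req.at < g.not_after for g in grants):
        allowed, reason = True, "grant matched"
    else:
        allowed, reason = False, "no live grant for resource"
    # The audit trail is what gives operators visibility into remote sessions.
    audit.append((req.at.isoformat(), req.user, req.resource, allowed, reason))
    return allowed, reason
```

The denied entries in the audit list are the ones worth alerting on: a contractor requesting an asset outside their grant is exactly the activity a flat VPN would let through unrecorded.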
At Xton Technologies, we work with companies all over the globe to strengthen their cybersecurity efforts by ensuring secure access to critical systems and data. Xton Access Manager (XTAM) delivers enterprise privileged access management (PAM) functionality in one affordable, cloud-ready platform. XTAM can be used as a secure remote gateway for secure remote access. The software combines a secure identity vault with approval workflow; a robust job engine with password rotation and discovery; and session management with recording. With XTAM you can provide secure access to IT and OT systems.