Gartner, the global market research firm, predicts that by 2025 cyber-attackers will have weaponized operational technology (OT) environments to successfully harm or kill people. The prediction comes against the backdrop of a widening range of cyber-attacks on OT environments, that is, the hardware and software responsible for monitoring and controlling equipment, assets, and processes.
These attacks have evolved beyond attempts to sabotage operations and shut down factories, and have begun to target the integrity of industrial environments with the intent to inflict physical damage. Other events in the same period, such as the ransomware attack on Colonial Pipeline, have highlighted the need for network isolation that adequately separates IT infrastructure from operating environments.
“Within operational environments, people’s safety and the work environment should be a priority for security and risk managers rather than concerns about data theft,” said Wam Voster, senior director of research at Gartner.
According to Gartner, security incidents in OT environments and other cyber-physical systems (CPS) have three main drivers: physical harm, business disruption (reduced output) and reputational damage (making a manufacturer appear untrustworthy or unreliable).
Gartner predicts that the financial impact of CPS attacks resulting in fatal casualties will exceed $50 billion by 2023. Even without counting the loss of human life, the costs to organizations in compensation, litigation, regulatory fines and reputational damage will be very high. Gartner also expects that most CEOs will be held personally liable for such incidents.
10 Security Controls to Protect OT Environments
Gartner recommends that organizations adopt a framework of 10 security controls that strengthen the security posture across their facilities and prevent security incidents in the digital world from having harmful consequences in the physical world.
1. Define responsibilities and roles
Each facility should have an OT Security Manager who defines and documents the security-related roles and responsibilities of all employees, senior managers, and other parties.
2. Adequate awareness and training
Employees in OT environments must possess the skills required for their roles. Staff at each facility should be trained to recognize security risks, the assets most exposed to attack, and the actions to take when a security event occurs.
3. Security response mechanisms and their testing
Each facility must implement and test procedures for handling security incidents that affect operational technology, covering four main stages: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity.
4. Backup & Restore
Ensure that proper procedures are in place for backup, restore and disaster recovery, and avoid storing backup media in the same location as the systems they protect, to limit the consequences of physical events such as fire. Backup media must be protected from misuse and unauthorized access to its contents. To recover from high-severity incidents, it must be possible to restore backups onto entirely new systems or virtual machines.
5. Monitor portable storage devices
Policies should ensure that all portable storage media and devices are subject to security scanning, regardless of who owns them, and that such media may only be connected to OT environments after being confirmed free of malicious software or code.
6. Updated list of assets
Security managers must maintain a constantly updated inventory of assets for all OT hardware and software.
7. Proper isolation between networks
OT networks must be physically and logically isolated from every other network, internal or external. All traffic between them must pass through a secure gateway that acts as a security buffer, and access through that gateway must require multi-factor authentication.
8. Maintain event logs
Appropriate policies and procedures should be implemented to automate logging within OT networks and to review those logs for potential and actual security events, ensuring that the records are retained for defined periods and protected from tampering or modification.
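As an added illustration of the "protected from tampering" and "reviewed for security events" parts of this control (this is example code written for this page, not anything from Gartner or the article), the following Python keeps an append-only, hash-chained event log and runs a simple review pass over it. The record fields, the event names and the review watchlist are assumptions chosen for the example; the log entries are constructed sample data.

```python
"""Tamper-evident OT event log with a simple review pass.

Added example, not code from Gartner or from the article.  Each record's
hash covers the previous record's hash plus its own content, so editing,
deleting or reordering any record breaks the chain.  The record fields,
event names and watchlist below are assumptions made for illustration.
"""
import hashlib
import json

GENESIS = "0" * 64  # predecessor hash for the first record

# Assumed watchlist: event types an OT security manager would want reviewed.
REVIEW_EVENTS = {"PLC_LOGIC_DOWNLOAD", "GATEWAY_AUTH_FAIL", "USB_DEVICE_ATTACHED"}


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON so an identical record always hashes identically.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_event(chain: list, ts: str, source: str, event: str, detail: str) -> dict:
    """Append one record; its hash chains to the previous entry."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"ts": ts, "source": source, "event": event, "detail": detail}
    entry = {"record": record, "prev": prev, "hash": _digest(prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain: list) -> tuple:
    """Recompute every link. Returns (True, -1) or (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, -1


def review(chain: list) -> list:
    """Return (ts, source, event) for every record whose event is on the watchlist."""
    return [
        (e["record"]["ts"], e["record"]["source"], e["record"]["event"])
        for e in chain
        if e["record"]["event"] in REVIEW_EVENTS
    ]


def build_sample_chain() -> list:
    """Constructed sample events (not real data)."""
    chain = []
    append_event(chain, "2021-07-21T08:00:00Z", "eng-ws-01", "USER_LOGIN", "operator")
    append_event(chain, "2021-07-21T08:05:12Z", "ot-gw-01", "GATEWAY_AUTH_FAIL", "user=admin src=10.1.5.7")
    append_event(chain, "2021-07-21T08:06:40Z", "eng-ws-01", "USB_DEVICE_ATTACHED", "vid=0781 pid=5583")
    append_event(chain, "2021-07-21T08:09:03Z", "eng-ws-01", "PLC_LOGIC_DOWNLOAD", "target=plc-line2")
    return chain


def tampered_copy(chain: list) -> list:
    """Deep copy with one record silently edited, as someone covering tracks would."""
    copy = json.loads(json.dumps(chain))
    copy[3]["record"]["event"] = "USER_LOGIN"  # hide the logic download
    return copy


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    print("needs review:", review(chain))
    print("after edit:", verify_chain(tampered_copy(chain)))
```

The chain only proves integrity relative to its latest hash. An attacker who can rewrite the whole file can recompute every link, so in practice the most recent hash should be copied at regular intervals to a location the OT network cannot modify (a separate log collector or write-once storage); verification then starts from that anchored value rather than from the file itself.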
9. Deploy secure, standardized configurations
Secure, standardized configurations must be developed and deployed across all exposed systems, including endpoints, servers, network devices and field devices, and endpoint security software such as anti-malware must be installed and enabled on every component of the OT environment that supports it.
10. Formal patching process
A formal process must be in place under which software patches are qualified by the equipment manufacturers before use. Once qualified, patches may only be deployed to the appropriate systems and at predetermined intervals.