Attackers are essentially running a criminal business, and they seem to be waking up to the fact that the value they can put on an attack against OT infrastructure is very clear compared with IT attacks where data is stolen, Paul Griswold, chief product officer for Honeywell’s Connected Cybersecurity business, said on Wednesday in a Honeywell Fireside chat.
“In the OT world, you can say, alright if this thing is down for hours, it is costing me hundreds of thousands of dollars. It seems interesting that there is a clear dollar value for what these types of disruption will cause them,” Griswold said in the online conversation with Andrea Carcano, co-founder and chief product officer at Nozomi Networks.
Agreeing with him, Carcano said there is a realization on the customers’ side that these types of attacks are becoming more common. He also sees a clear association between stopping a supply chain or a pipeline for a certain amount of time and the money a customer can lose, unlike the data theft that often happens in IT. “I’m not saying that that is not critical and not important but sometimes you know companies prefer to downplay and simply make an announcement, apologize, ask a customer to change credentials, and stuff like that,” Nozomi’s Carcano said.
“When you block a critical process, then the clock starts ticking and companies are losing lots of money,” Carcano said. “And, of course, it becomes easier especially when money is the goal of the hacking community. So clearly they understood that and clearly, they are focusing their attention on these types of attacks.”
Moving on to IT/OT convergence, Honeywell sees customers at various stages of that journey. “Some are earlier on, some are more advanced. You still have a lot of people who are treating IT and OT separately, and oftentimes OT is behind,” Griswold said.
“So when you work at OT, sometimes that’s just been separated and [made the] responsibility of the OT operators to make sure they are secure. Oftentimes there are policies in place. But not as much continuous monitoring,” Honeywell’s Griswold added. “But I do think we are seeing a shift there, where people not only in the security community but even boards of directors are saying these environments present a hazard that we need to get a handle on.”
He sees an increased demand for Honeywell’s services because of that, as customers seek continuous monitoring and more visibility into OT infrastructure.
Nozomi likewise sees a trend where OT infrastructure is suddenly becoming much more of a hot topic in terms of continuous monitoring. “You believe you have an OT network, but if you look inside the network, you will realize that it is just the network. You will label that OT, but at the end of the day, inside you will have everything, and in many cases, you will have more devices that cannot be labeled as OT than other devices,” Carcano said. “But at the end of the day, that network is still very, very important because it is attached to a physical infrastructure.”
Nozomi’s Carcano sees a combined approach to IT and OT infrastructure as necessary because that convergence is happening.
“The OT world is, like you say, very all-encompassing, and you can’t compare it to IT,” Honeywell’s Griswold said. “What we found is a lot of companies have IT well figured out – they have been doing it for many years. That’s where they started, they will use the latest technologies, and they have got nice upgrade cycles on their laptops, and they get into new hardware every two to three years. Everything is pretty state of the art there.”
But, when organizations start layering in the OT world and its legacy systems made up of control systems and instrumentation, the scene changes. “You have additional dynamics that just aren’t standard on the IT side of the house, and we see this even with skill sets challenges, as well,” Griswold said.
“Lack of that continuous monitoring, that continuous assessment is certainly a big gap, and on top of that, I think that, when you look at patching cycles, in the IT world, you can more or less pretty much patch laptops every month on Super Tuesday from Microsoft. You have patches rolled out pretty well, and that’s a pretty solved problem. It’s certainly more complex on critical servers and things like that,” Griswold added.
Honeywell sees process integration at a point where OT is coming in a little bit later in terms of some of the cybersecurity best practices, while IT is already in place. “So, OT basically is going to need to attach to those security best practices and procedures that already exist,” according to Honeywell’s Griswold.
Looking at operational changes that the COVID-19 pandemic introduced, Griswold sees that remote operations are here to stay. “I know from our perspective there’s certainly been a great increase over the past year or so in remote operations. For many of our customers, the increase in remote access and having secure control of remote access into plants is something that has jumped off the charts here and we expect that trend to continue.”
Nozomi’s Carcano has also had more inbound requests from customers since the beginning of the COVID-19 pandemic to reduce existing structures or give remote employees the possibility of accessing the plant. Nozomi had some of its customers in different verticals moving from remote control of only 9 percent of their plants to 60 percent over three months.
“But, as it happens many times in this type of world, they found themselves thinking about cybersecurity after they solved the business requirements,” Carcano said. “Fortunately, it’s not always like that, but I’ve seen that multiple times.”
He doesn’t believe the world will go back exactly to the same position it was in before COVID struck. “Because simply we realize that there are so many activities that can be done remotely, and it works.”
Another new change coming to OT infrastructure is cloud access. Honeywell also has some newer cloud-based offerings with edge-based cloud connectivity. In March, Nozomi launched its scalable SaaS Vantage platform that accelerates digital transformation for the largest and most complex distributed networks.
“We believe that cloud is a component that has to be considered. You need to be part of the equation,” Carcano said. Having data reaching the cloud poses new threats, but the benefits of having the data in the cloud must be considered, he added.
Honeywell boosted OT cybersecurity by aligning with Nozomi Networks in November last year to integrate the strengths of Honeywell Forge Cybersecurity software, professional consulting and managed security services with Nozomi Networks’ OT capabilities. The alliance enables users to access offerings that manage cybersecurity compliance and bring down the risk of downtime due to cyberattacks.