Gartner has stated that as attack surfaces in critical infrastructure grow, the need to address both physical and cyber threats will drive wider adoption of emerging technologies that can cover security threats spanning these environments.
Perfect prevention is not possible, especially given that critical infrastructure continues to be a segment riddled with outdated ‘brownfield’ assets, Gartner said.
Critical infrastructure security leaders must watch for tactics, techniques, and procedures (TTPs) such as spear phishing that obtains initial access to the organization’s IT network before pivoting to the operational technology (OT) network, Barika Pace, Gartner’s senior research director, wrote in a blog post. Attacks also involve deploying commodity ransomware to encrypt data for impact on both IT and OT networks, and connecting to internet-accessible programmable logic controllers (PLCs) that require no authentication for initial access, she added.
The threat landscape also includes attackers’ use of commonly used ports and standard application-layer protocols to communicate with controllers and download modified control logic, and risk mitigation strategies must account for this, Pace wrote. Controls for the modification of control logic and parameters on PLCs are likewise lacking, as are controls for memory attacks and cyber-physical attacks, which by their nature connect the cyber and physical worlds. Critical infrastructure faces security threats unlike those of any other IT enterprise system, ranging from siegeware to GPS spoofing, she added.
The threat landscape continues to evolve, with the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) issuing an Alert (AA20-205A), recommending immediate actions to reduce exposure across OT assets and control systems in the middle of last year, according to Pace. At present, the industrial threat landscape includes, but is not limited to, international and national terrorism by non-state actors, nation-state-sponsored cyberattacks, brownfield OT/IT convergence acceleration, and IT/OT/IoT convergence.
Cyber terrorists are intent on disrupting critical services or causing harm. For instance, last month industrial cybersecurity company OTORIO said that a group of Iranian hackers gained access to a human machine interface (HMI) system at an Israeli reclaimed water reservoir and published a video of the hack. The target was unprotected and directly connected to the internet, without any security appliance defending it or limiting access.
Nation-state-sponsored cyberattacks, such as the recent supply chain cyber incident involving federal government networks using SolarWinds Orion products, have created a new market for bad actors and accelerated the monetization benefits of these attacks. US security agencies warned that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.
Accelerating brownfield OT/IT convergence and a growing number of greenfield cyber-physical systems are pushing OT security needs to evolve, and more IT security leaders are becoming involved as threats and vulnerabilities increase, Pace pointed out in her post.
The convergence of IT and OT systems, combined with the increased use of the Internet of Things (IoT) in industrial environments, is challenging many security practices to define the best security architecture that aligns with transforming and modernizing environments, according to Pace. The air gap is eroded for OT owners, she added.
Nozomi Networks argued along similar lines, stating that the pursuit of competitive advantage has driven organizations to embrace new technologies and processes to reduce costs and improve efficiency. In the last several years, IoT has commonly been cited as the “next big thing” that will disrupt a range of industries such as manufacturing, transportation, and logistics, wrote Patrick Bedwell, a senior director for product and partner marketing at Nozomi Networks, in a post.
What many operators may not realize is that the adoption of large volumes of IoT devices will occur in virtually every industry, not just a few. “Simply put, the scope of change this adoption will demand in the IT and OT ecosystem is enormous,” Bedwell added.