Amarandhar Kotha is Managing Director of Datacipher, a system integrator, networking, and cloud security services company.

Operational technology (OT)—once isolated—is now increasingly vulnerable due to IoT connectivity. Cybercriminals can exploit vulnerabilities on devices within the same network as critical machines, potentially crippling the entire OT infrastructure.

Numerous cyberattacks have disrupted OT operations, halting production and causing significant financial losses. A notable example is the attack on JBS, which halted its global meat production for three days and resulted in an $11 million ransom payment.

AI is accelerating the sophistication of these attacks, making OT environments even more susceptible. With 32 billion IoT devices expected by 2030, fortifying OT systems against these evolving threats is more urgent than ever.

Securing OT Systems Against Modern Threats

OT teams excel in managing industrial processes but often lack current IT security knowledge. This is a concern because OT systems, built to run for decades, often use outdated software, making them vulnerable. The complexity of interconnected devices and custom-built systems further complicates security, and traditional solutions usually fall short.

However, in my experience, industrial organization leaders recognize the evolving cyber threat landscape, especially AI-driven attacks on OT systems, which are their most pressing concern, as AI can identify and exploit weaknesses with unprecedented speed and precision. To safeguard OT systems against these threats, the following are four measures to take.

1. Secure Your Perimeter: Robust Network Segmentation

From my experience working with industrial organizations, I noticed a crucial mistake that leaves their critical infrastructure vulnerable—ineffective network segmentation. Threats typically breach IT systems first and then spread to OT infrastructure. Ineffective segmentation can ease infiltration and aid the rapid spread of AI-driven threats, effectively putting critical infrastructure in danger.

This is why I suggest robust network segmentation practices. These entail splitting the network into smaller zones, each safeguarded by firewall access, ensuring only authorized communication between devices occurs. This practice helps you swiftly detect and contain the attack, giving organizations enough time to act before threats reach critical OT systems.

2. Establish A Stronghold: Adopt A Zero-Trust Framework

Malicious insider threats, although less common, are a reality. I’ve witnessed several instances where disgruntled employees tampered with critical systems, resulting in severe repercussions.

This is why I suggest organizations have a zero-trust framework in place. A zero-trust framework asserts that no user, device or network can be trusted until authenticated. It requires continuous authorization and validation for all users and devices, whether internal or external.

The framework constantly monitors for behavioral and contextual anomalies, such as unusual login times or activities from unexpected devices. Moreover, it enforces the principle of least privilege, allowing users and devices only the access necessary to perform their tasks. These measures can effectively mitigate the risks of unauthorized changes and safeguard against malicious insider threats, fortifying your organization’s defenses.

3. Fortify Key Assets: Identification And Prioritization

Despite robust measures, no one can guarantee protection against increasingly sophisticated threats. This is why it’s essential to have a comprehensive, up-to-date inventory of all OT assets and a centralized management system to view and manage them.

This strategy could help identify critical assets, those nearing their end of life and those with high-risk vulnerabilities. By prioritizing these assets for targeted security measures, organizations can mitigate threats and respond more quickly to attacks, minimizing damage.

For instance, when Norsk Hydro was hit with a ransomware attack, the company refused to pay and swiftly shut down its entire network. They switched to manually operating their critical infrastructure to keep production running and were eventually able to restore their operations.

4. Prepare For Challenges: Master Incident Response And Business Continuity

When attacked, chaos can erupt, and instantly figuring out remedial measures can be onerous. In OT environments especially, the stakes are higher, and the consequences are severe. Being adequately prepared against these attacks with an incident response plan can help minimize damage, enable rapid recovery and ensure business continuity in the OT environment.

For instance, when ThyssenKrupp’s IT team detected a threat in its automotive unit, they immediately executed their incident response plan, shutting down systems and halting factory production. The swift action, made possible by the availability of a detailed plan, contained the attack and prevented its spread.

Looking Ahead

It’s commendable that industrial organizations are ramping up their cybersecurity efforts by adopting measures like network segmentation, zero-trust frameworks and internal security training. However, the effectiveness of these measures depends on the presence of OT security experts. Although organizations might secure their broader infrastructure, they frequently overlook the unique vulnerabilities of OT environments, leaving them exposed to AI-enhanced threats, owing to the OT security skill gap. Besides specialized training programs and hiring OT security experts, consider creating cross-functional teams where OT and IT teams collaborate to ensure ongoing knowledge sharing and alignment with the latest security trends.

Conclusion

Given the growing concerns among OT leaders about AI being used to fuel cyberattacks, it’s natural to wonder if AI is just a weapon for attackers. But that’s far from the whole story. AI is also a powerful ally in defending operational technology. By harnessing AI, companies can improve threat detection, automate responses to incidents and address the shortage of skilled security professionals. AI’s ability to learn and adapt helps anticipate and neutralize threats, keeping critical infrastructure safe from increasingly complex cyberattacks. In today’s evolving security landscape, adopting AI is crucial to staying protected.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


Share.
2024 © Network Today. All Rights Reserved.