Security for operational technology (OT) is steadily gaining attention. Most chief information officers (CIOs) and chief information security officers (CISOs) have recognized by now that simply duplicating security measures from information technology (IT) into OT is not achievable, given the constraints of OT environments and how different they are from IT. As attackers move beyond the common approaches seen in the IT world, targeted attacks on OT become harder to defend against.


Threat research data from both publicly and privately funded sources tells the same story: OT-focused attacks are becoming more prevalent. Statistics never reveal future targets or techniques on their own, but insider knowledge combined with field observations gives us a reasonable forecast of OT cybersecurity trends for 2023.


1. OT/IT Convergence Changes Threat Surfaces

Although most successful attacks in OT environments have reused techniques borrowed from the IT world, there is an undeniable upward trend in attacks that abuse OT-specific protocols. The ability to identify an attacker's footprint on the IT side and correlate it with activity on the OT side will be the reference point security vendors work from in 2023 and beyond.


2. Geopolitical Turbulence Reshapes Threat Landscape

State-sponsored attackers will go further than mercenary groups because they pursue returns beyond financial gain. Critical infrastructure is, and will continue to be, heavily targeted. Among all the public-sector entities that our company's research lab monitored, probing and attacks aimed directly at governmental bodies accounted for 48 percent of the traffic, and at the time of writing this trend remains consistent. Targeted attacks require vertical-specific tooling built for different purposes, and therefore call for different countermeasures.


3. Security Requirements Spur Organization-Wide Changes

With heightened awareness of how crucial cybersecurity is in the OT space, the challenge of deploying security lies in how to manage it. In 2022, we saw unfamiliar job titles and departments appear at the corporate level to supervise and manage security across the OT/IT boundary, and this will continue. Such organization-wide changes will bridge the gap between recognizing the problem and actually addressing it. In our 2022 OT security survey, 72 percent of the 900 respondents indicated that their organization had been disrupted by a security issue more than five times within a year, but in general they could not say whether those disruptions originated in IT or in OT. Only respondents involved to some degree in both IT and OT security were able to answer that question.


4. Active Protection Overtakes Detect-and-Respond in OT

Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) services play an important role in IT, where they discover unknown threats with predictive intelligence. They are not yet up to par for OT, and will not be until they can drastically cut the false-positive noise and the day-to-day management overhead they impose, because OT cybersecurity teams are often understaffed. Previously, active protection was not widely adopted in OT because of its heavy system footprint, its dependence on internet connectivity, and compatibility problems with legacy operating systems such as Windows XP; any agent deployed on such hosts has to be lightweight, work without cloud access, and be validated against the legacy platforms it will actually run on. Now that OT security is finally in the spotlight, more security vendors will collaborate to tailor their products for OT. Active protection is also the most effective way to block traditional viruses and worms, which remain common attack vectors.


5. Competition Widens Security-Maturity Gap Within Verticals

While the raider group seeks more advanced security implementations, the survivor group is still struggling to find the resources to maintain basic protection. In keeping with the adage that the winner takes all, we see powerful organizations enforcing OT security across the entire supply chain of a vertical. The raiders know what to do and take the lead for their industry counterparts, while the survivors can only do their best to keep up. For example, the Taiwan Semiconductor Manufacturing Company (TSMC) was a game-changing raider that not only played a major role in establishing the specification for fab equipment cybersecurity (SEMI E187) but also strongly influenced the industry to adopt it.


6. Regulations: The Driving Force of OT Security

OT security adoption and awareness are reaching new heights, driven both by the Biden administration's allocation of $11 billion toward civilian cybersecurity spending and by the knock-on effects of other public-sector initiatives. Private-sector domains such as critical infrastructure and strategic, nation-sponsored industries will push for security enforcement mainly through regulations and standards, so that implementations are consistent in quality and level of assurance around the globe.


Digital transformation is an unstoppable trend. Most people working in the OT field are under immense pressure to "go smart," which will inevitably mean more interconnected devices in the field and more intelligence gathered through cloud technologies.


Organizations in 2023 will most likely have to move forward with a mixture of legacy and modern devices, connected through a mixture of network architectures serving different organizational missions. Given that, a multi-layered security deployment is needed to ensure that every asset is covered throughout its entire lifecycle, so that none of them inadvertently becomes a major weakness for the organization.