Two recently released reports highlight the increasing challenges faced by security practitioners, particularly those who have larger and more integrated systems between their IT and OT environments.
A whitepaper by OTORIO released in February found that the wireless Industrial Internet of Things (IIOT) as it is commonly used, poses significant risks to OT environments due to its direct connection to both the internet and internal OT networks, creating a “single point of failure and potential breach that can bypass all security layers.”
The research also found that a wireless IIoT device breach could allow hackers to bypass every layer, including intelligent devices as well as control, manufacturing operations and business-logistics systems. Having both cloud management and wireless connectivity increases this potential attack surface.
In order to combat these threats, the report recommends several things, including a zero trust policy between cells and the control center so that an attacker who compromises a single cell can’t reach other cells or services; and a proxy address for internet-managed devices such as industrial cellular gateways and intelligent field devices.
And a recent report by TXOne Networks, a cybersecurity solutions provider, produced in collaboration with Frost & Sullivan, found that a concerning 94 percent of IT security incidents have also impacted the operational (OT) side as IT and OT have become more integrated.
The report is based on a survey of 300 C-Suite officers, directors and managers around the world.
“In ICS/OT, there are many constraints imposed by design,” said Terence Liu, CEO of TXOne Networks in a press release. “Addressing security issues under such circumstances requires a unique set of solutions and methods, as opposed to repurposed approaches from IT. “OT-native cyber defenses for ICS/OT are entering the mainstream. As ICS/OT evolves over time, new technology adoptions like IIoT, hybrid cloud and 5G networks will continue to ramp up, and visionary solution providers are preparing for that future.”
Insights Into ICS/OT Cybersecurity 2022 is available to download for free and explores in more depth the driving forces in industrial control system security, a rise in trade protectionism, heightened awareness of potential losses and intensified regulatory focus.
The issue of cybersecurity recently gained even more national attention with the release by the Biden administration of the National Cybersecurity Strategy this month. Calling the 2020s a “decisive decade,” the announcement from the White House outlined its vision for enhancing cybersecurity in all spheres with a five-pillar approach, including defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future and forging international partnerships to pursue shared goals.
As companies begin to digest what this initiative will mean, Security Magazine recently spoke with a number of security leaders about their take on it. “It’s encouraging to see the government step in to support businesses in combating cybersecurity threats,” said Jason Rebholz, CISO, Corvus Insurance in the article. “For too long, businesses and individuals have been forced to defend against a well-funded, well trained and well-motivated adversary. This is the right next step in keeping American citizens and businesses safe in the escalating cyber war.” Read the full article here.
What is clear is the issue of cybersecurity and its impact on physical and operational security is not going away and must be addressed in a number of ways. In order to enjoy the benefits smart buildings bring, it is critical to stay abreast of not only the cyber-vulnerabilities but also the latest efforts to combat them from both private and public sources.