All News & Insights

ML Journal

Embracing OT Cybersecurity as a Transformative Culture Shift

Building a resilient OT-IT integrated future requires vision and a proactive approach to cybersecurity. 

TAKEAWAYS:
Leaders need an outcome-focused cybersecurity vision that sets clear, strategic goals for what they want to achieve in terms of security and ensures that decisions and actions align with these outcomes.
● Take immediate action by integrating the SANS Five Critical Controls for Industrial Control Systems (ICS), the first lie of cybersecurity defense, offering a  structured approach to incident response, network architecture, visibility, secure access, and vulnerability management.
Stay one step ahead by proactively addressing the common attack vectors that target OT environments to enhance organizational resilience against cyberattacks and safeguard critical operations.   

In modern manufacturing, the integration of Operational Technology (OT) with traditional IT systems has given rise to a new set of challenges. OT, which encompasses the hardware and software that monitors and controls physical devices, is the backbone of manufacturing operations. Yet, it is often the case that these systems were not designed with cybersecurity in mind, thereby creating an environment ripe for exploitation.

As manufacturers rely more on automated processes and connected devices, the line between IT and OT blurs, making it crucial to protect the entire ecosystem. Unlike traditional IT security, which focuses on safeguarding data, OT cybersecurity is about maintaining system integrity and ensuring the continuous, safe operation of production lines.

Recognizing the unique requirements of OT environments is the first step in securing them. These systems demand a specialized, OT-specific approach to cybersecurity. The approach must:

  • understand the systems
  • analyze and log the commands for threat behaviors or to spot misconfigurations
  • consider the need for minimal disruption
  • prioritize workforce and equipment safety

Understanding the Operational Risks in Manufacturing

The operational risks facing the manufacturing sector are multifaceted. The ramifications of a breach in an OT system can be far more severe than that of an IT system, often resulting in physical damage to equipment, downtime in production, loss of revenue, and even risks to human lives. As remote access into OT increases, risk to the environment increases with it.

Moreover, cybercriminals are constantly devising new methods to exploit vulnerabilities in OT systems. These adversaries range from money-motivated ransomware gangs to sophisticated criminal organizations and state-sponsored actors, all with the capability to disrupt manufacturing operations on a massive scale. The truly alarming aspect lies in the potential for advanced tools, developed by sophisticated nation states, to fall into the hands of less sophisticated adversaries. These adversaries, driven by financial motives, are willing to target any type of organization.

According to the recently released Dragos OT Cybersecurity Year in Review, ransomware attacks escalated by nearly 50% in 2023, with the manufacturing sector being the primary target.

 

The operational risks also extend to the supply chain, where a single vulnerability can have cascading effects across multiple manufacturers. Key software components can be a part of hundreds of different systems, impacting hundreds of thousands of devices, like PIPEDREAM – an industrial control systems (ICS)-specific malware toolkit. The interconnectivity of suppliers, vendors, and partners means that securing the manufacturing process is no longer just about protecting one’s own operations but ensuring the integrity of the entire value chain.

According to the recently released Dragos OT Cybersecurity Year in Review, ransomware attacks escalated by nearly 50% in 2023, with the manufacturing sector being the primary target. High-profile ransomware attacks on major companies like Dole, Boeing, and Clorox resulted in the shutdown of facilities and substantial financial losses. Lockbit ransomware alone accounted for 25% of all industrial ransomware attacks, with ALPHV and BlackBasta each contributing 9% of the total.

A pivotal insight from the report: approximately 70% of OT-related cyber incidents originated from the IT environment, indicating the need for robust network segmentation and separate domains for IT and OT systems.

The Need for a Cultural Shift in OT Cybersecurity

The crux of the challenge lies not just in the technology, but in the mindsets of teams operating and managing OT systems. For decades, the primary focus of manufacturing has been on efficiency and productivity, with cybersecurity often taking a backseat. This must change. Industry must foster a culture where cybersecurity is as fundamental as safety and quality.

Embracing OT cybersecurity requires a cultural shift within the organization, where everyone from the shop floor to the boardroom understands the significance of cybersecurity and their role in upholding it. This shift entails a move away from reactive measures toward a proactive approach that can also be used to increase operational equipment efficiency (OEE) and resilience.

Adopting an outcome-focused mindset ensures that the organization remains resilient against emerging threats, with a clear focus on achieving desired security outcomes.

 

A robust OT cybersecurity program encompasses the entire manufacturing process, with a focus on protecting the most vital assets. Although comprehensive frameworks like NIST and ISA/IEC 62443 exist to guide the development of a thorough plan, their complexity can sometimes hinder prompt action. Our recommendation is to start with the implementation of the SANS Five Critical Controls for ICS, which include:

  1. OT-Specific Incident Response Plan
  2. Defensible Architecture
  3. ICS Network Visibility & Monitoring
  4. Secure Remote Access
  5. Risk-Based Vulnerability Management

Begin by putting these controls into practice, ensuring they are fully operational and can efficiently handle key scenarios. As the program evolves, establish a risk management framework. This will allow the program leader to fine-tune investments and enhance risk mitigation efforts.

The Impact of Cyber Controls on Operational Efficiency

It is crucial to recognize that implementing the right cyber controls can lead to substantial improvements in operational efficiency and uptime. In production environments, the questions of “What happened and why?” are frequently posed. While some answers may be straightforward, identifying the root cause of emergent problems often proves challenging. Controls that enable the identification of new devices, monitor third-party remote access, and log OT system commands offer a valuable data set. This data can be analyzed to understand events leading up to and following issues, enhancing OT network visibility and monitoring.

Preventing Production Shutdowns and Managing Risks
The questions arise: Can we prevent a shutdown of production, or if necessary, how can we execute an orderly shutdown? Implementing risk-based vulnerability management offers alternatives to IT-driven device patches that could halt production lines. In the event of an incident, a robust OT-specific incident response plan, which considers critical processes and safety systems, is essential.

Safeguarding Critical Processes and Assets
Protecting critical processes and assets from IoT devices, transient network traffic, or third-party remote access is paramount. This involves creating defensible architectures that segment equipment types and networks. Such strategies lead to more resilient operating environments and minimize disruptions.

Maintaining Vigilance in Manufacturing Environments
Staying vigilant and continuously searching for potential problems within manufacturing settings is essential for maintaining operational integrity and safety. This proactive approach helps in early detection and resolution of issues, ensuring the smooth functioning of operations.

Cultivating cyber hygiene and awareness not only strengthens security but also enhances the overall efficiency and reliability of manufacturing operations.

The Role of Leadership in Driving Outcome-Focused Cybersecurity

Leadership plays a pivotal role in driving change and instilling a culture that takes cybersecurity seriously. It’s imperative for leaders to lead by example, demonstrating the importance of cybersecurity through clear communication, investing in effective tools and training, and advocating for continuous improvement. These elements are crucial in fostering a culture that prioritizes OT cybersecurity.

Creating an OT cybersecurity plan is a strategic process that involves multiple stakeholders and detailed planning. The plan should clearly outline the goals, responsibilities, and procedures that will guide the organization’s cybersecurity efforts. A few best practices include:

  • Set clear objectives. What are the most critical assets that need protection? What are the potential threats? What compliance requirements must be met? Answering these questions will help to establish a framework for the cybersecurity strategy.
  • Build in flexibility to adapt quickly. As manufacturing operations evolve and new threats emerge, the plan must be flexible enough to accommodate these changes and allow for adjustments that fortify security measures over time. Adopting an outcome-focused mindset rather than a tactic-centric approach ensures that the organization remains resilient against emerging threats, with a clear focus on achieving desired security outcomes.
  • Engage all stakeholders. By incorporating diverse perspectives and expertise, manufacturers can enrich the cybersecurity plan and foster a culture of shared responsibility and vigilance.

A practical first step in this journey is organizing a tabletop exercise (TTX) focused on a ransomware threat scenario. This simulation will uncover vulnerabilities, paving the way for prioritizing efforts and allocating resources effectively. Moreover, a meticulously planned TTX reveals weaknesses in incident response protocols, ensuring that in the face of a cyberattack, swift and coordinated efforts can significantly reduce damage and expedite recovery. It is essential to regularly test and update these protocols to align with real-world challenges and ensure readiness across all stakeholders.

Transitioning to the implementation phase involves deploying OT-specific cybersecurity solutions, configuring systems for enhanced protection, and integrating new technologies and processes seamlessly into the existing operational technology environment. Special attention should be given to addressing common vulnerabilities and attack vectors identified within the manufacturing sector, such as:

  • Security Perimeters: 63% of manufacturers report inadequate OT security perimeters.
  • Incident Response: 52% lack tailored incident response plans for their industrial control systems (ICS).
  • Network Visibility: A staggering 85% of manufacturers admit to insufficient OT network visibility.
  • Strengthening these areas is critical for establishing a resilient security posture capable of defending against and swiftly responding to cyber threats.

Conclusion and Next Steps

Strengthening OT cybersecurity is more than a technology initiative; it is a critical business strategy. Acknowledging operational vulnerabilities, embracing the need for culture transformation, and deploying robust cybersecurity measures are essential for safeguarding operations, fostering innovation, and securing a competitive advantage. Initiating this journey with a focus on desired outcomes, leveraging specialized monitoring technologies, and forming alliances with OT security professionals attuned to manufacturing intricacies will equip businesses to effectively confront future challenges.  M

About the author:

 

Jennifer Halsey is Director of Integrated Product Marketing for Dragos, Inc.

View More