EDITOR’S QUESTION
WHAT SECURITY RISKS ARE BEING INTRODUCED AS IT AND OT NETWORKS CONVERGE?

Intelligent CIO has asked industry experts what security risks are being introduced as IT and OT networks converge. Here is the response from Peter Margaris, Senior Director of Product Marketing, Skybox Security:

As OT environments continue their convergence with IT networks, the need to secure these technologies to support continuous uptime and safety has never been more critical. These technologies are often business critical in many industries and extend to the monitoring and control of core infrastructure such as oil and gas drilling and distribution; energy generation and distribution; chemical, pharmaceutical and consumer goods manufacturing; and many health, building management, transportation and telecommunications applications, among others. Failure directly affects business operations and revenue. Additionally, because they run essential systems in critical infrastructure and deliver responsive capabilities in real-time (such as meeting surge demand/usage), availability is a key security concern. OT networks, therefore, need to be operational at all times.

However, in a digitally-connected age where technological advances are continuing apace, traditional safeguards like leveraging air gaps or creating physical separations have all but disappeared. In the last 20 years, OT has been exposed directly to outside risks via remote sensors to retrieve data, Wi-Fi enabled controllers and USB devices to update software, for example. Considering this increased cybersecurity risk exposure and the criticality of services OT supports, OT networks have become a more attractive objective to hack and breach. This interest is visible in the growing availability of productised exploit kits, easily searchable sites on legacy technology and new monetisation options such as ransomware specifically designed to attack industrial systems.

Let’s be clear: the threat facing OT networks is increasing. Skybox’s Vulnerability and Threat Trends Report 2020 revealed that the volume of new ICS-CERT advisories increased by 53% from 2018 to 2019. And with the increasing convergence of corporate IT and production OT networks, threats within both environments present a greater danger than ever before. Vulnerabilities and security issues within both environments can give an attacker a foothold, as well as opportunities for lateral movement.

One of the most significant OT vulnerabilities published in 2019, with a 10/10 severity level, was ICSA-19-043-033, which warned about several vulnerabilities within WibuKey’s digital rights management product. This vulnerability allows privilege escalation and has remote code execution (RCE) attributes: if exploited, the attacker could take control of the affected control and monitoring system. Considering how OT devices are increasingly connected to the wider business’ IT environment, this vulnerability highlights the pressing need for organisations with OT networks to improve the security which surrounds their critical infrastructure.

To tackle threats to hybrid IT-OT networks, organisations need to build a united view of their hybrid network infrastructure so that they are able to understand network context with holistic network modeling and mapping, confirm effective controls through firewall and access control systems, identify vulnerabilities and effectively prioritise patching. It’s far from a simple task but the need for improved protections for organisations with OT infrastructure cannot be clearer.
26 INTELLIGENTCIO www.intelligentcio.com