MAHER JADALLAH, REGIONAL DIRECTOR – MIDDLE EAST AT TENABLE
EDITOR’S QUESTION
The convergence of the data side of the business (traditionally the realm of IT) and the operational technology (OT) side (used to manage industrial control systems (ICS)) has revolutionised our critical infrastructure. This connectivity can remove the need for a person to be physically on-site to manually make changes, instead allowing a computer to be used to remotely adjust settings whenever and wherever necessary. While IT/OT convergence improves efficiency, enables predictive maintenance and reduces downtime, it also exposes industrial environments to a much wider attack surface.
Cybercriminals have infiltrated IT networks for many years, seeking to gain access to sensitive databases and assets. As we continue to connect our OT infrastructure, threat actors are seeing more possibilities to exploit vulnerabilities and exposures in legacy ICS equipment. The merging of these two previously separated environments poses a real risk by introducing even more attack vectors, while making cybersecurity threats harder to detect, investigate and remediate. In addition to the threat to data, an attack against OT systems could have physical consequences, affecting the business infrastructure and also causing bodily harm.
When looking at the type of threat faced, particularly as a result of IT and OT convergence, ransomware features prominently. Cybercriminals will seek financial gain and leverage ransomware to hold these organisations hostage.
The second major threat is from inside the organisation, for example, disgruntled employees, third-party contractors, compromised individuals or simply human error. Whether the intention is malicious or purely accidental, it can have the same impact. For example, a contractor who plugs a malware-infected PC into a remote site.
With cybercriminals typically looking to target low-hanging fruit to gain entry, it is inevitable that we will continue to see attacks aimed at the perceived least defended OT infrastructure.
The biggest challenge facing the security teams tasked with managing this complex, sensitive and expanded attack surface is visibility. Automated solutions are needed to identify and characterise converged IT/OT systems, providing a unified, risk-based view detailing what is exposed, where and to what extent across the combined IT and OT environments. Failure to identify all systems creates blind spots where some systems are potentially insecure, thereby increasing downtime risk. When a security incident occurs, timely resolution depends on immediate availability of accurate inventory including every bit of information all the way from a device model down to the firmware version.
While it might seem overwhelming, identifying weaknesses within OT environments is critical to understanding risk. Vulnerabilities must be assessed and prioritised, based on risk and likelihood of exploitation. Those that create the most risk should be remediated either by patching or by other mitigation measures – such as changes to firewall rules.
www.intelligentcio.com
INTELLIGENTCIO