WHAT SECURITY RISKS ARE BEING INTRODUCED AS IT AND OT NETWORKS CONVERGE?

Intelligent CISO has asked industry experts what security risks are being introduced as IT and OT networks converge? Here is the response from Peter Margaris, Senior Director of Product Marketing, Skybox Security:

As OT environments continue their convergence with IT networks, the need to secure these technologies to support continuous uptime and safety has never been more critical. These technologies are often business critical in many industries and extend to the monitoring and control of core infrastructure such as oil and gas drilling and distribution; energy generation and distribution; chemical, pharmaceutical and consumer goods manufacturing; and many health, building management, transportation and telecommunications applications, among others. Failure directly affects business operations and revenue. Additionally, because they run essential systems in critical infrastructure and deliver responsive capabilities in real-time (such as meeting surge demand/usage), availability is a key security concern. OT networks, therefore, need to be operational at all times.

However, in a digitally-connected age where technological advances are continuing apace, traditional safeguards like leveraging air gaps or creating physical separations have all but disappeared. In the last 20 years, OT has been exposed directly to outside risks via remote sensors to retrieve data, Wi-Fi enabled controllers and USB devices to update software, for example. Considering this increased cybersecurity risk exposure and the criticality of services OT supports, OT networks have become a more attractive objective to hack and breach. This interest is visible in the growing availability of productised exploit kits, easily searchable sites on legacy technology and new monetisation options such as ransomware specifically designed to attack industrial systems.

Let’s be clear: the threat facing OT networks is increasing. Skybox’s Vulnerability and Threat Trends Report 2020 revealed that the volume of new ICS-CERT advisories increased by 53% from 2018 to 2019. And with the increasing convergence of corporate IT and production OT networks, threats within both environments present a greater danger than ever before.

Vulnerabilities and security issues within both environments can give an attacker a foothold, as well as opportunities for lateral movement. One of the most significant OT vulnerabilities published in 2019, with a 10/10 severity level, was ICSA-19-043-033, which warned about several vulnerabilities within WibuKey’s digital rights management product. This vulnerability allows privilege escalation and has remote code execution (RCE) attributes: if exploited, the attacker could take control of the affected control and monitoring system. Considering how OT devices are increasingly connected to the wider business’ IT environment, this vulnerability highlights the pressing need for organisations with OT networks to improve the security which surrounds their critical infrastructure.

To tackle threats to hybrid IT–OT networks, organisations need to build a united view of their hybrid network infrastructure so that they are able to understand network context with holistic network modelling and mapping, confirm effective controls through firewall and access control systems, identify vulnerabilities and effectively prioritise patching. It’s far from a simple task but the need for improved protections for organisations with OT infrastructure cannot be clearer.

www.intelligentciso.com | Issue 26