editor’s question
MAHER JADALLAH – REGIONAL DIRECTOR – ME, TENABLE
The convergence of the data side of the business (traditionally the realm of IT) and the operational technology (OT) side (used to manage industrial control systems (ICS)) has revolutionised our critical infrastructure. This connectivity can remove the need for a physical person to be on-site to manually make changes and instead use a computer to remotely adjust settings whenever and wherever necessary. While IT/OT convergence improves efficiency, enables predictive maintenance and reduces downtime, it also exposes industrial environments to a much wider attack surface.
Cybercriminals have infiltrated IT networks for many years, seeking to gain access to sensitive databases and assets. As we continue to connect our OT infrastructure, threat actors are seeing more possibilities to exploit vulnerabilities and exposures in legacy ICS equipment. The merging of these two previously separated environments poses a real risk by introducing even more attack vectors, while making cybersecurity threats harder to detect, investigate and remediate. In addition to the threat to data, an attack against OT systems could have physical consequences, not only on the business infrastructure but also by causing bodily harm.
When looking at the type of threat faced, particularly as a result of IT and OT convergence, ransomware features prominently. Cybercriminals will seek financial gain and leverage ransomware to hold these organisations hostage.
The second major threat is from inside the organisation, for example, disgruntled employees, third-party contractors, compromised individuals or simply human error. Whether the intention is malicious or purely accidental, it can have the same impact. For example, a contractor might plug a malware-infected PC into a remote site.
With cybercriminals typically looking to target low-hanging fruit to gain entry, it is inevitable that we will continue to see attacks aimed at the perceived least defended OT infrastructure. The biggest challenge facing the security teams tasked with managing this complex, sensitive and expanded attack surface is visibility.
Automated solutions are needed to identify and characterise converged IT/OT systems, providing a unified, risk-based view detailing what is exposed, where and to what extent across the combined IT and OT environments. Failure to identify all systems creates blind spots where some systems are potentially insecure, thereby increasing downtime risk. When a security incident occurs, timely resolution depends on immediate availability of accurate inventory including every bit of information all the way from a device model down to the firmware version.
While it might seem overwhelming, identifying weaknesses within OT environments is critical to understanding risk. Vulnerabilities must be assessed and prioritised, based on risk and likelihood of exploitation. Those that create the most risk should be remediated either by patching or by other mitigation measures - such as changes to firewall rules.
28 Issue 26 | www.intelligentciso.com