Intelligent CISO Issue 51 | Page 79

Industry expert

...ransomware has made it onto specific controllers to see whether changes have been made to the configuration.

As plans aren't in place, we end up plunging ourselves into the darkness with no way to tell whether it is safe to turn things back on. Furthermore, this lack of proper plans and run-throughs of protocols can prolong an OT environment's restart long after the IT network has been brought back online and the machines [computers] rebuilt.
What does Dragos identify as the biggest cybersecurity weaknesses that European asset owners currently face?

The most prominent cybersecurity weaknesses currently are visibility and Incident Response (IR) planning. We recommend specific steps to reduce these weaknesses. Firstly, having a secure and defensible architecture is a must but not always possible, as many networks have been running for decades and we can't re-engineer the way they've been put together. Secondly, having visibility into what you have and what's going on in the network to look for threats and help detect suspicious or malicious activity, so as to respond to it appropriately. Lastly, there is a skill gap wherein more skill maturity is required, especially for in-house expertise.

There is a need to adopt a more holistic approach. For example, IR planning is a weakness in parallel with the visibility problem, as companies don't know how to respond when something happens in the IT or OT environment.
Dragos highlighted targeted threats that focus on infiltrating and disrupting industrial control systems as posing the most cybersecurity risk to European Industrial Infrastructure. Why is this and what can organisations do to protect against these types of attacks?

They are posing the most cybersecurity risk because of their motivations. There's ample research which suggests that the specific entities hit are according to where the most money is to be made. However, in many cases, the intent can be to disrupt, which affects not just the industry but also the configuration of every individual site. It is critical to defend against such kinds of operations, as we don't want to respond to an incident where we've lost all control of the devices.

Disruption in the supply chain can be catastrophic to those in need; it is not just about the severity of the impact on a business but also on people living nearby and those who rely on it.
What are your recommendations to organisations in this sector on how they can obtain better visibility and defend against these threats?

Good initial steps of intrusion are very similar to defending an IP network from the perspective of patching. Even though it might not necessarily be at the forefront of people's minds, a lot of initial access to the networks is through router devices, especially in remote working. As a result, there are numerous exploitable vulnerabilities against the initial networking infrastructure and this needs to be addressed.
In addition, vulnerability reporting and assessment will help defend against threats better. However, for roughly one-third of reported OT vulnerabilities, there is a difference between how Dragos would assess the severity compared to how other operators or vendors would, which changes the priority of the patching process.
Better visibility is the key to defending against threats. Logging is vital, as it creates a historical record to regularly audit, especially when responding to an intrusion. On the network side, visibility again is critical, as many things can be put in a network on both the IT and OT sides.

We are not going to have patches for legacy systems, but we can put additional safeguards in place and monitor some of the key directories where adversaries like to stage their tools or malware.
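The answer above recommends two detective controls that need no vendor patch: a historical record that can be audited, and monitoring of directories where tooling tends to be staged (and, earlier on the page, checking whether controller configuration has changed). The following is an added example, not code from Dragos or from the interview, of the simplest form of that control: a file-integrity baseline that hashes everything under a set of watched directories, stores the snapshot as JSON, and on later runs reports files that were added, removed or modified. The directory list is a constructed placeholder; the interview names no specific paths, so the defender supplies the staging and configuration directories that matter in their own environment.

```python
"""File-integrity baseline and diff for directories that should rarely change.

Added example, not Dragos code. WATCHED_DIRS is a constructed placeholder:
replace it with the staging/config directories relevant to your environment.
"""
import hashlib
import json
import sys
from pathlib import Path

# Constructed placeholder list (not from the interview).
WATCHED_DIRS = ["/var/tmp", "/opt/vendor/config"]


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(directories) -> dict:
    """Map every regular file under the given directories to its hash and size.

    Symlinks are skipped so a link planted into a watched directory cannot
    make the monitor hash (or follow) something outside it.
    """
    state = {}
    for d in directories:
        root = Path(d)
        if not root.is_dir():
            continue  # a vanished directory shows up as 'removed' entries in compare()
        for p in sorted(root.rglob("*")):
            if p.is_file() and not p.is_symlink():
                try:
                    state[str(p)] = {"sha256": sha256_of(p), "size": p.stat().st_size}
                except OSError:
                    # Record the path anyway: an unreadable file is itself worth a look.
                    state[str(p)] = {"sha256": None, "size": None, "unreadable": True}
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots into added/removed/modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(state: dict, path: Path) -> None:
    """Persist a snapshot as sorted JSON so the baseline file itself diffs cleanly."""
    path.write_text(json.dumps(state, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


if __name__ == "__main__":
    # First run writes the baseline; later runs print one line per deviation.
    baseline_file = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("baseline.json")
    now = snapshot(WATCHED_DIRS)
    if not baseline_file.exists():
        save_baseline(now, baseline_file)
        print(f"baseline written: {len(now)} files")
    else:
        diff = compare(load_baseline(baseline_file), now)
        for kind, paths in diff.items():
            for p in paths:
                print(f"{kind.upper():9s} {p}")
```

Run it once from a known-good state to write the baseline, then on a schedule; the output lines are what get shipped to the central log so that the "historical record" the answer describes exists before an incident rather than being reconstructed during one. The baseline file should live somewhere the monitored hosts cannot write to, otherwise whoever modifies the watched directory can also re-baseline.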
Which cybersecurity areas should organisations in this sector be prioritising looking ahead?

Organisations in this sector need to prioritise visibility, as it is a step into doing something new and can take a lot of persuasion. However, there is ample evidence to show what the undesirable effects of the lack of security can do within an OT network. After visibility, patching is the next important step, which includes looking at the devices and understanding the basics of the network, not just between routine IT networks but also what is directly accessible from the open Internet.
Furthermore, organisations need to invest in skills and people to up-skill their existing staff members. Finally, periodic reviews need to be in place and organisations need to get a good handle on the assets and the configuration of those assets. The playbook is very similar to that of the IT side, but it tends to be forgotten on the OT side; this needs to be remedied.

www.intelligentciso.com