Digital transformation - Gaining Momentum in Operational Technology (OT)

OT threats are real and are happening now

In August 2018, one of the world’s largest chipmakers was shutdown for three days after the WannaCry outbreak. This resulted in revenue loss estimated to be about $170 million. This shutdown was made more significant because the factory used advanced manufacturing systems that required connectivity to external networks. Given WannaCry struck in mid-2017, this also indicates there is still a lot to be done to ensure OT networks are resilient to cyber-attacks. There are numerous accounts of successful breaches through cyber-attacks on state based power plants, shipping companies, logistics systems and pharmaceutical production facilities that have caused significant downtime and damages exceeding USD $100 million.

Other industries are vulnerable too. For the healthcare sector, connected medical devices (known as Internet of Medical Things or IoMT) offer the potential to improve patient care, while driving down operating costs. But, as healthcare increasingly relies on remote monitoring, the availability of IoMT devices is critical and can be life threatening in some cases. A number of IoMT devices still use legacy operating systems which contain vulnerabilities that can easily be exploited. These vulnerabilities often cannot be patched as these changes may invalidate the device safety certification. Even something as trivial as posting a picture of a birthday celebration in hospital may expose sensitive patient data, while WiFi used by medical equipment can be hacked if not properly secured. Patients and clinicians will therefore need support from information security advisors to give them confidence that appropriate data protection and governance controls are in place, while avoiding protocols that unnecessarily limit the beneficial use of new information.

Ransomware’s effect on the UK’s National Health Service, and multiple US-based healthcare organizations is well documented. The effect of these cyber-attacks resulted in loss of patient data to temporary facility shutdown causing patients in some cases to be turned away from medical facilities. Globally, healthcare is the third most affected industry sector by ransomware attacks according to the NTT Security 2018 Global Threat Intelligence Report.

In October 2016, the Mirai malware created botnets on IoT devices which were then used to launch distributed denial of service (DDoS) attacks that disrupted all global internet traffic. This was the start of the first major attack against IoT devices. IoT devices are pervasive across the internet and are often inherently insecure due to their use of default and/or weak usernames and passwords. In a number of cases these username and password combinations are not even configurable. IoT devices are designed to connect easily to existing IT networks, but this has allowed IoT to bypass existing IT security controls, such as change control and traditional firewalls. As a result, IT administrators face numerous security challenges maintaining their security posture.

Securing OT

Across the globe, we are seeing a few remediation trends. Organizations have started to follow guidelines from ENISA and NIST when implementing connected devices. These guidelines were developed in consultation with industry experts, vendors and government bodies. Many have also started to engage with OT teams, biomedical technicians, and facilities teams to understand devices connected to the network. They are finding a common ground, discovering connected devices, and formulating a strategy to address basic but critical cybersecurity needs.

It’s evident that IT and OT functions within organizations need to work together to ensure security controls are applied against all connected infrastructure elements and that governance of cyber security extends to OT and IOT environments where these are used.