Updated: Apr 10
Cyberattacks aimed at Industrial Control Systems (ICS) happen daily, and they have become a crucial part of modern warfare, which is hybrid and goes beyond ground, sea and space military operations.
Implementing an effective Operational Technology (OT) security program is a fundamental step that organizations and critical infrastructure operators should be taking. What is specific about ICS attacks? And what are the key elements of an effective OT cybersecurity strategy?
These questions were discussed during the cybersecurity experts' roundtable on OT/ICS cybersecurity, which ISSP organized in partnership with the Finnish company SSH. The keynote speaker was Tim Conway, Technical Director at SANS Institute (USA). According to Roman Sologub, Co-founder and CEO at ISSP, after the beginning of the full-scale Russian military invasion in February, many Ukrainian organizations had to take immediate action to migrate IT infrastructure to the cloud and physically relocate equipment, moving to fully remote access.
‘In those days the number of cyberattacks increased dramatically. We observed 2-3 reports of cyberattacks daily. Cyberwar is about persistence; therefore, we assume that it was the result of adversaries' previous activity in compromising digital assets. Nowadays Ukrainian critical infrastructure faces an even larger number of cyber threats, but operators are more capable of managing alerts, responding to incidents and quickly mitigating consequences. Enterprises are focused on attack surface reduction, digital threat management, and cybersecurity operations improvement,’ Roman Sologub explained.
Ukraine is not the only target of OT/ICS attackers. ‘I don't think there is a particular country or a particular sector that faces attacks on ICS systems. It has been happening over the past decade, and every industrial company around the world may become a victim,’ Tim Conway said.
Finland is no exception. ‘There are dozens of attacks on the Finnish energy sector daily, but only a few of them are really attempts to gain control of the energy networks and shut them down. The number of attacks on other significant industries like food or pharma has also increased tremendously,’ Rami Raulas, Head of EMEA region at SSH, mentioned.
What should enterprises consider when protecting their OT networks?
According to Tim Conway, to develop an OT cybersecurity strategy, you should start with an understanding of the complexity of the process under control. Is it a manual, mechanical control system with limited automation, or a facility with complex systems and a tremendous number of digital assets? The second point relates to cyber risk assessment: if you were an adversary, what kind of effect could you achieve in that environment? And the third question: what types of solutions do you have to mitigate those risks?
‘An approach to OT security is different from an approach to IT security. ICS has different requirements for availability, different risk management approaches, architecture, component locations, and even component lifetimes. This impacts many aspects of security design and management,’ Roman Sologub pointed out.
Building an effective OT cybersecurity strategy depends on a huge number of factors. Regardless of the sector, the size of the organization or the complexity of OT processes, Tim Conway suggested focusing on five key points:
• response plan
• defensive architecture
• OT-specific threat monitoring
• remote access
• risk-based vulnerability management