The OT Challenge: Understanding Connectivity

Discussions about securing Operational Technology (OT), which includes systems for industrial operations and building management as well as systems that run utilities, often focus on worst case scenarios—the big attack, the cyber terror that blacks out a whole country and so forth. These are legitimate concerns, but they miss a more realistic and current threat.

Many, if not all, organizations that rely on legacy OT systems are vulnerable to disruption by cyber attack. The attacks may not be catastrophic on a national or societal level, but they can cause a lot of economic damage and financial losses to the targets nonetheless. Factories can be idled, leaving workers out of a job and interrupting productive capacity such as supply chains. Accidents caused by hackers can result in injuries or death.

Yoni Shohet, Co-Founder and VP of Business Development at SCADAfence

I recently spoke about the OT threat with Yoni Shohet, Co-Founder and VP of Business Development at SCADAfence, a company that provides cybersecurity and visibility solutions for OT. From Shohet’s perspective, most industrial companies and other users of legacy OT are aware that they have risk exposure. “The problem is not a lack of interest in solving the problem,” Shohet said. “The issue is more one of understanding the nature of their vulnerabilities and then mitigating risks in a practical, efficient way.”

According to Shohet, one of the biggest challenges up front is simply to understand the OT landscape itself. “Over the years, most industrial organizations have built systems, added to them, changed configurations and so forth until they don’t really know what assets they have and what’s connected to what. It’s not their fault. Having a comprehensive system inventory and architectural map hasn’t been a necessity until recently. It certainly wasn’t a priority. That’s all changing now.”

OT was isolated for a generation. Whether it was a deliberate “air gap” or just isolation as a result of system design, OT was generally beyond the reach of hackers. The introduction of Internet of Things (IoT) devices in the industrial setting has now put the vast majority of OT systems within direct reach of IP-enabled networks.


Hackers can now easily find their way into OT systems, systems that were never designed with this level of security in mind. The results of this vulnerability have made headlines. OT attacks have affected giants like Honda, Merck and Renault.

Another risk factor, from Shohet’s perspective, is OT’s relatively long product lifecycle. Unlike standard enterprise IT assets and consumer digital devices, OT products last for decades. “Today’s installed base of OT may be up to 30 years old. It’s a tribute to the soundness of their fundamental engineering. They’re a great value, but they’re old and vulnerable. Today’s OT was not built with current cyber threats in mind.”

Industrial control systems may have been designed in an era before the current level of cyber threats was a consideration.

The SCADAfence approach is to address the lack of visibility up front. They look at the overall OT architecture using automated asset discovery. This achieves the much-needed visibility into what’s what and how the pieces are all connected. They then add network monitoring and risk profiling. The SCADAfence solution is able to analyze risk on OT systems using the proprietary industrial protocols of the major players in the space. OT systems come from manufacturers like Rockwell, Schneider and Siemens. In order to assess and manage risk in such systems, it’s imperative to work in their native languages, so to speak.

SCADAfence is then able to conduct threat detection and use AI to detect unauthorized activities, anomalies and so forth. They can do this with non-intrusive monitoring: they observe activities and communications on the OT network without injecting traffic into it.
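As an added illustration of the passive asset discovery and connection mapping described above (example code written for this edit, not SCADAfence’s own software): it derives an asset inventory and a what-talks-to-what map from constructed flow records, tags assets by the industrial-protocol ports they use, and flags traffic that falls outside the engineered OT subnets or a baseline of known connections. The port-to-protocol table, subnets and addresses are all assumed sample values.

```python
import ipaddress
from collections import defaultdict

# Well-known TCP ports of common industrial protocols (assumed mapping for
# this example): Siemens S7comm, Modbus/TCP, DNP3, EtherNet/IP.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample of passively captured flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.0.10.5", "10.0.20.11", 502),
    ("10.0.10.5", "10.0.20.12", 102),
    ("10.0.10.6", "10.0.20.11", 502),
    ("10.0.10.5", "10.0.20.12", 102),      # repeat of a known connection
    ("192.168.1.77", "10.0.20.11", 502),   # source outside the OT subnets
    ("10.0.10.5", "10.0.20.13", 44818),    # asset not seen in the baseline
]


def build_inventory(flows):
    """Return {asset_ip: {"protocols": set, "peers": set}} from passive flows.

    Only flows on industrial-protocol ports are used, so the map reflects the
    control-system conversation graph rather than every packet on the wire.
    """
    inv = defaultdict(lambda: {"protocols": set(), "peers": set()})
    for src, dst, port in flows:
        proto = ICS_PORTS.get(port)
        if proto is None:
            continue
        inv[src]["protocols"].add(f"{proto}:client")
        inv[dst]["protocols"].add(f"{proto}:server")
        inv[src]["peers"].add(dst)
        inv[dst]["peers"].add(src)
    return dict(inv)


def find_deviations(flows, allowed_networks, baseline):
    """Flag flows whose source is outside the engineered OT subnets, or whose
    (src, dst, port) triple is not in the baseline of known connections."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for src, dst, port in flows:
        if not any(ipaddress.ip_address(src) in n for n in nets):
            findings.append(("source outside OT subnets", src, dst, port))
        elif (src, dst, port) not in baseline:
            findings.append(("connection not in baseline", src, dst, port))
    return findings
```

A real deployment would learn the baseline from a quiet observation window and enrich each asset with vendor and firmware details parsed from the protocol itself; the structure of the check stays the same.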

This is a moment of change in OT security. “Securing OT is no longer just a box to be checked off,” Shohet observed. “We see genuine interest in doing this right. People now get how serious the threats can be.” It can even be a business opportunity. “As we get further into our customers’ OT infrastructure, they’re seeing new ways to cut costs and do things like predictive maintenance, which might have been out of reach previously. It’s an exciting time to be doing OT security.”


Photo Credit: Thomas Hawk Flickr via Compfight cc