At the Crossroads of IT and Legacy OT, Hackers Await

Industry Week April 2022
By Manish Chawla

The shift from experimenting to seizing the benefits of Industry 4.0 has equipped manufacturers with the agility and resiliency to adapt to the challenges of the pandemic, enhanced operational efficiencies and improved worker safety and sustainability. However, greater integration between IT and legacy operational technology (OT) has also created a much greater “surface area” for cyber-attacks.

Last year, OT systems were at the center of cybercriminals’ target scope, according to a new IBM X-Force report, as more than one in three attacks observed were against organizations that have OT networks. Manufacturing—for the first time in years—eclipsed the financial services industry as the most attacked industry.

These attacks don’t just pose serious risks for manufacturers but have the potential to reverberate across the supply chain and into all corners of the economy if proper security controls aren’t in place.

Consider this: by the end of 2021, the price of ground beef rose 10% following the May 2021 ransomware attack on JBS, the largest meat supplier in the United States. Gas prices also increased 10% by end of year, after the ransomware attack on Colonial Pipeline that same month.

Battling strained supply chains from the pandemic, manufacturers have been operating at a tipping point – and cybercriminals used this to their advantage, threatening operational disruptions and the subsequent snowball effect onto supply chains.

OT’s Rising “Debt”: Unpatched Vulnerabilities

Nearly half of all attacks (47%) on manufacturers in 2021 occurred by attackers exploiting known, unpatched vulnerabilities, highlighting the extent to which these organizations struggle to keep up with patching their environments.

Simply put, industrial organizations often find themselves shackled by complexity when it comes to cybersecurity. They depend on legacy systems for which security patches may not exist. When patches are available, the high risk of disruption from applying one (from glitches to regulatory limitations) or the sizeable cost of upgrading or patching may put them between a rock and a hard place. As a result, they may decide to carry the risk of vulnerability exploitation within an OT network because they feel they have no choice.

A common workaround is to require the IT and OT environments to operate in silos to mitigate the risk of operational disruption. But this drastically limits the organization’s ability to reap the benefits of true digitalization.

Enhancing Resilience Across the Industrial Sector

Shying away from plant modernization is far from the answer. Operational data is among the most valuable assets for unlocking productivity and profitability, and combining OT and IT networks is critical to unlocking that value.

Here are four key actions for manufacturers to consider when modernizing operations:

  1. Modernize plant networks and applications. An open, hybrid cloud approach provides flexibility to run and deploy applications at the (plant) edge where real-time speed and agility are key. It also extends their threat visibility, removing blind spots to quickly detect suspicious activity across environments and to automate security responses. A hybrid cloud approach can also help unite multi-cloud operations where regulation in certain markets can prohibit the use of cloud offerings, a common challenge in the energy industry.
  2. Centralize security event tracking to unite IT and OT. By connecting OT data with the broader IT security ecosystem, organizations can have a singular view of their OT security and improve their ability to monitor security events across diverse environments. For example, ABB and IBM teamed up to help organizations contextualize security and operations impact of events, reducing the risk of potential disruptions. More collaborations that bring together IT and OT are needed to detect and mitigate cyberattacks.
  3. Operate under the assumption of compromise. According to this year’s X-Force Threat Index, there was a 50% increase in Industrial Control Systems vulnerabilities that were disclosed in 2021, highlighting a widening attack surface that cybercriminals can exploit. It’s essential to operate on the assumption that user credentials or the network itself may already be compromised. This shift in mindset pushes the organization into a default state of active defense and should extend across the entire supply chain.
  4. Prepare for cyber resiliency with readiness assessments and invest in local data storage backup. Operational data is a vital asset to industrial companies—loss of this data means lost revenue. Industrial organizations should conduct readiness assessments and evaluate their incident response plans including the ability to restore / recover with short lead times. They must know how to respond in the event of a cyberattack, not only accounting for the technical components but also identifying the crisis team members and communication channels to be used if the network is down.

Cybercriminals found the industry’s pressure points – and with manufacturing experiencing the most ransomware attacks last year, they show no signs of stopping in 2022. It’s paramount that manufacturing organizations increase their cyber readiness and resilience before the cybercriminals put them to the test.