In recent years, industrial organizations and those operating critical infrastructure have made significant shifts to adopt new technologies for increased efficiency and innovation. To accomplish this, many organizations have brought operational technology (OT) online, thus converging the world of OT with IT. While this has yielded great benefits, it has also expanded the attack surface. Though some organizations intentionally connect the two environments, others experience accidental convergence, or unintentional points of connection between IT and OT, in environments intended to be “air-gapped,” or physically separated. In both scenarios, maintaining security posture across converged environments is crucial to reduce unnecessary cyber risk.
Addressing the Air Gap
Today, air-gapping is virtually impossible to upkeep and risky to rely on, considering that a seemingly routine activity could allow attackers access to operational environments. For example, a regular maintenance check-in may require a laptop to be plugged directly into an OT system, during which time the devices—even if momentarily—are converged.
Unfortunately, air gaps contribute to a misleading illusion of security, leaving security teams scrambling when they realize their OT is exposed to the outside world. As noted in an alert earlier this year from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals are continuously targeting internet-accessible OT for malicious activities.
Air gaps are no longer sufficient to secure OT. These once-isolated systems require a unified, proactive approach to security to stay ahead of mounting threats.
Start with Visibility
Whether an organization is aware of their IT/OT convergence or not, security teams can’t protect what they can’t see. A blind spot to a security team is an open opportunity for an attacker. In converged environments, an attack can come from all sides, making it critical to secure both IT and OT.
This can mean breaking down silos between IT and OT teams. Assigning different thresholds and processes to secure IT or OT environments turns addressing risk into a disjointed ordeal. Organizations must start with having unified visibility across their converged environments. A single-pane-of-glass view over all IT and OT assets allows security teams to eliminate dangerous blind spots and identify security issues before they can be leveraged in an attack.
Prioritize Detection
With strengthened visibility, security teams are primed to gain deeper situational analysis of their critical assets. It’s important to understand the intricacies of each environment, as IT has a shorter lifecycle than OT, which can linger in industrial environments for decades. This means security teams need to take a second look at their asset inventory, maintenance logs, and change records to ensure they are current. An attack often begins at the network level and can propagate to reveal itself within changes to the programming and actions at the device level. As such, investing in solutions to actively query devices to ensure they are operating normally, without anomaly, can stop an attack before it propagates.
Today’s security teams must embrace a proactive approach to securing modern, converged environments to reduce risk factors of both planned and accidental IT/OT convergence. Understanding points of convergence, ensuring robust visibility and maintaining strong situational analysis across IT/OT will have substantial, positive impacts on security posture. These measures allow critical infrastructure and industrial organizations to fulfill mission-critical operations efficiently and securely.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.
