OT is a target
Joe Robertson from Fortinet claims in an opinion article that the COVID-19 pandemic has heightened cyber threats to OT networks
Cybertech | 27/01/2021
By Joe Robertson
Today, almost no discussion about any subject goes on for long without the current pandemic being brought up in some way. It dominates all of our lives. Of course, life must go on and business does continue, but not in the same ways. Companies have had to review their business models and adapt to the reality that, for the near future, fewer people work from an office: they have become home workers. This has put pressure on IT departments, including new security concerns. Likewise, the impact on securing Operational Technology (OT) has been enormous.
For example, under lockdowns, many production lines have had to slow or shut down completely as workers are unable to come to the plant. But unlike an IT environment, where changing a software process or powering down a device is relatively straightforward and can be done remotely, the reality of OT means it isn’t so easy to turn off a chemical process or shut down an assembly line.
Some systems, like a blast furnace or massive boiler, are designed for continuous operation, making it close to impossible to turn them off completely. In many cases, a skeleton shift of operators has to be on-site to run a plant or process just to keep the machinery from failing. In many more cases, operators are trying to run things remotely, even though the systems were not designed for this.
One of the most important lessons of Covid has been that disruptive changes can happen at any time. Even if we cannot anticipate which disruptions may hit us, we have to assume that there will be some, or, in security terms, operate as if we have already been breached. That means we need to do a better job of anticipating and preparing for change, and that starts by taking nothing for granted.
OT is a target
Historically, OT processes ran on non-routable protocols. This tended to make security more or less a simple matter of physical protection. The separation of the OT network from everything else—the so-called air gap—made it easy for the operations teams to ignore the major cybersecurity headaches being faced in data centers and business networks. And the result was that, for many organizations, cybersecurity for the production environment was a low-priority item or even ignored.
One Operations Manager recently asked me, “We back up all our production data and configurations every day; why invest in cybersecurity? If we’re attacked, we can just restart with yesterday’s data.” It only took a few minutes for me to change his mind when I mentioned a new breed of ransomware.
I asked, “Are you aware of OT-specific malware like EKANS? Or of exploits that spoof the HMI console, tricking the operator into thinking everything is fine when in fact the machines are spinning out of control?” He was surprised by the realization that cyberattacks can result in not merely production problems, but potential damage to equipment, danger to the safety of staff, and even environmental hazards.
Good-bye, Air Gap
Over the last decade or so, more and more OT systems have switched to run on standard Ethernet using IP protocols. But it isn’t just the protocols that are changing. The air gap has disappeared as industrial networks converge with the IT network. For almost three decades, one of the main architectures for production and manufacturing automation has been the Purdue Model, which divides functional aspects of a process into zones.
The Process Control zone is defined by the sensors, actuators, and related instrumentation implementing a process. The Operations & Control zone describes management of this process and of multiple processes across a site. The Purdue Model is strictly hierarchical, so each Process Control zone has only one point of communication with the supervising Operations & Control zone.
In turn, the Operations & Control zone has only a single point of connection to the corporate IT environment, referred to as the Enterprise zone. That interconnection point is usually a demilitarized zone (DMZ) with a firewall separating the two. For a long time, this level of security seemed to be enough.
However, IT and OT networks are now necessarily converging as an ever greater amount of information passes between them. Sensors and programmable logic controllers (PLCs) proliferate in the production environment, and many of them have wireless connectivity. Wireless LANs and wired LANs are shared by office workers and production machinery.
OT and IT networks may still be separated logically, but they are no longer separated physically. In addition, the multitude of OT sensors in place produce a flood of data that needs to be analyzed by applications in the Enterprise zone. And information and instructions flow in the other direction, as well. And where data flows, so too can threats.
This does not mean that the Purdue Model no longer applies. However, it does mean that we have to rethink the protections we put in place within and between OT zones. For example, while a segmentation firewall for each Process Control zone is like a locked front door on a house (fine for keeping out passers-by), it won’t block a determined thief—especially if the windows and an associated back door are open.
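The hierarchy just described can be checked mechanically: every Process Control cell should reach the Operations & Control zone through exactly one node, Operations & Control should reach the Enterprise zone only through the DMZ, and no other link should cross zone boundaries. The script below is an added illustration, not Fortinet's or the author's code; the site inventory and link list are constructed, and the zone and cell labels are assumptions.

```python
"""Audit a plant's network links against the Purdue hierarchy described above."""
from collections import defaultdict

# Zone labels used in this constructed example (hypothetical site layout).
PC = "process_control"     # sensors, actuators, PLCs, local HMIs
OC = "operations_control"  # site-wide supervision (SCADA, historian)
DMZ = "dmz"                # firewall-protected interconnection point
ENT = "enterprise"         # corporate IT

# Constructed inventory: node -> (zone, cell); a cell is one Process Control zone.
NODES = {
    "plc-1": (PC, "line-A"), "hmi-1": (PC, "line-A"),
    "plc-2": (PC, "line-B"), "wifi-sensor-7": (PC, "line-B"),
    "scada-srv": (OC, "site"), "historian": (OC, "site"),
    "dmz-jump": (DMZ, "site"), "erp-app": (ENT, "corp"),
}

def audit_links(links):
    """Return a list of hierarchy violations for (node_a, node_b) link pairs:
    a Process Control cell with more than one uplink into O&C, a link that
    crosses zones without passing through the DMZ (e.g. a wireless sensor
    talking straight to the ERP), or a cell-to-cell link that bypasses O&C."""
    violations = []
    pc_uplinks = defaultdict(set)  # cell -> PC nodes that link into O&C
    for a, b in links:
        (za, ca), (zb, cb) = NODES[a], NODES[b]
        pair = {za, zb}
        if za == zb:
            if za == PC and ca != cb:
                violations.append(f"cell-to-cell link bypasses O&C: {a}<->{b}")
            continue
        if pair == {PC, OC}:
            pc_node, cell = (a, ca) if za == PC else (b, cb)
            pc_uplinks[cell].add(pc_node)
        elif pair in ({OC, DMZ}, {DMZ, ENT}):
            continue  # the single sanctioned path between O&C and Enterprise
        else:
            violations.append(f"link crosses zones {za}->{zb} without DMZ: {a}<->{b}")
    for cell, nodes in pc_uplinks.items():
        if len(nodes) > 1:
            violations.append(f"cell {cell} has {len(nodes)} uplinks to O&C: {sorted(nodes)}")
    return violations

if __name__ == "__main__":
    # Constructed link list: a clean design plus the "open windows" the text warns about.
    links = [("plc-1", "scada-srv"), ("plc-2", "scada-srv"), ("scada-srv", "dmz-jump"),
             ("dmz-jump", "erp-app"), ("hmi-1", "plc-1"), ("hmi-1", "historian"),
             ("wifi-sensor-7", "erp-app"), ("plc-1", "plc-2"), ("scada-srv", "erp-app")]
    for v in audit_links(links):
        print("VIOLATION:", v)
```

Each flagged link corresponds to a path a threat could take around the segmentation firewall; the audit says nothing about the firewall's own rules, only about whether the topology still matches the model.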
By Joe Robertson, CISO, EMEA region, Fortinet