Much talk on cybersecurity focuses on the issues within the ever-expanding enterprise. This generally refers to the security implications of the hyper-connected enterprise network with a multitude of endpoints. However, the advent of ‘Industry 4.0’ with the automation of manufacturing that it brings, means that once closed operational technologies, are now connected to a wider IT infrastructure. Operational Technology or OT, is an industrial technology that is increasingly converging with IT. In doing so, these converged systems, often in the form of Industrial IoT (IIoT), are seeing increasing cybersecurity threats.
And the result is stark: a 2020 report into OT security found that 90% of organizations had at least one OT system intrusion incident.
Operational Technology (OT) is used to control physical systems such as those found in manufacturing. It extends to cover Industrial Control Systems (ICS) and the ICS management framework, as well as Supervisory Control and Data Acquisition Systems (SCADA). Information Technology (IT) is used to control the sharing, collaboration, and use of data using apps, servers, endpoints, etc.
Industry 4.0 is driving manufacturing and related industries to a new era. The needs of the new manufacturing paradigm are heavily dependent on data. Technologies such as robotics and automation depend on data and advanced data analytics to operate. The smart machines of Industry 4.0 are connected. This connection allows data to be captured, shared, analyzed and used to optimize industrial systems, merging IT and OT.
A July 2020 alert from NSA and CISA (Cybersecurity and Infrastructure Security Agency) sums up the serious nature of the convergence of OT-IT stating “all DoD, NSS, DIB, and U.S. critical infrastructure facilities should take immediate actions to secure their OT assets.”
By merging OT with IT, the previously siloed and protected systems that manufacturing used are now open to the same kinds of security threats normally targeted at IT systems. This includes ransomware and Distributed Denial of Service (DDoS) attacks.
In 2018, Kaspersky explored the security implications of merging OT with IT. Their findings show some shocking realities of the meeting of IT systems with manufacturing technologies.
The reality of the connecting up of IT with OT is described in the IBM X-Force “Threat Intelligence Report Index 2020”. The findings of the report show a massive 2000 % increase in cyber-incidents impacting OT infrastructures. The report also highlights the increasingly destructive nature of these attacks, with ransomware attacks against OT environments up by 67 % in 2019.
Security attacks range from protocol vulnerability attacks through data theft and DDOS/IoT bot attacks. These are some examples of the range of cybersecurity threats in the OT space:
A recent vulnerability affecting all Windows servers was discovered in third-party code used by some of the top manufacturers of industrial control system (ICS) software. A CISA advisory on the issue states that “Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code-execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter”
A RAT or Remote Access Trojan is malware that works by stealth, creating a backdoor for hackers to control and administer cyber-attacks remotely. PoetRAT, was identified by researchers at Talos Intelligence and is believed to be behind attacks against the Azerbaijan government and utility companies. Word documents were used to drop the malware into a system. The RAT targeted (amongst others) the SCADA sector including wind turbine systems.
State-sponsored hacking groups target critical infrastructures for intelligence and disruption purposes. There are a number of such groups using a variety of techniques to perpetrate cyber-attacks. The North Korean hacking group Lazarus is an infamous example. Often, these groups use highly sophisticated tactics that focus on OT-IT convergence. The MATA malware is a framework that consists of several components, including a loader, orchestrator, and plugins which can be used on multiple operating system types. The Lazarus group is known to have used MATA to attack a number of countries such as Japan, Germany and India.
To protect operational security environments there are some baseline protective measures that should be put in place:
Contact Us Today to get an evaluation.
