
The Four OT Cybersecurity Threats to Focus on in 2023


The premise that information technology (IT) and operational technology (OT) environments, and the industrial internet of things (IIoT) overall, are converging is nothing new to professionals in the cybersecurity world. The same goes for the state of the threat landscape — one that’s always evolving and is keen on striking where critical networks are most vulnerable. There is a lot of money to be made for the bad actors targeting the critical networks that help us maintain our modern way of life. Think for a moment about the recent attacks on the Colonial Oil Pipeline, or various water processing facilities; by holding fuel and water hostage through ransomware and other nefarious hacks, cybercriminals know precisely where their actions will be felt the most. This, together with the convergence itself, challenges that are growing exponentially in complexity, the widening skills gap, frequently changing regulatory oversight, and inadequately designed and implemented cybersecurity solutions, only exacerbates the overall problem and spotlights those vulnerabilities.

While these threats and the challenges they present are industry agnostic, some of the 16 pre-defined critical infrastructure sectors stand to face greater pressure from evolving threat vectors. For instance, the manufacturing sector is increasingly reliant on OT to manage processes, improve efficiency and reduce costs. However, the increased digitalization of OT environments in the manufacturing sector also brings with it new cybersecurity risks.

The pandemic pushed many manufacturers to accelerate their adoption and implementation of digital technologies simply to remain in business. Factories that had no ability to run remotely or adjust production lines based on rapidly changing supply and demand requirements shut down until they could become more agile. Many adopted intelligent digital worker solutions, such as software robots or AI-powered assistants, to support production lines and still protect employees from COVID-19. These solutions helped manufacturers survive a rough period, while simultaneously increasing the complexity of software within their organizations. New and legacy software need to be maintained and secured, but the challenges of doing so are different in ICS/OT environments than they are in traditional IT environments. 

The integration of these digital technologies with the vast amount of data available is ultimately what has led to the digitalization of manufacturing. Despite the introduction of AI and machine learning, like others across the spectrum of critical sectors, many manufacturers still face challenges in ensuring effective cybersecurity due to the complexity of their legacy software and removable media threats. To continue adopting new technologies and meeting demand, it is critical for manufacturers to implement comprehensive security controls that address these challenges in 2023.

With all these complexities to consider, it can be disorienting to know where to start regardless of what industry you’re protecting. Many find themselves looking for a “silver bullet,” the be-all, end-all to solving a mess of cybersecurity woes. I won’t be the first to say it, but hopefully, I’ll be the last you’ll need to hear it from; there is no silver bullet. However, that doesn’t mean that there isn’t a clear answer. The way forward when it comes to comprehensively dealing with these threats is by considering your organization’s cybersecurity maturity as a whole and moreover, identifying areas of opportunity to advance it.


What is cybersecurity maturity?

The simplest way to think of cybersecurity maturity is by looking at how well your current strategy spans across passive defense and active defense, beginning with solutions for asset visibility, network security, and endpoint protection on the passive side, and threat detection, response, and recovery on the active side, with connectivity security between them. As your cybersecurity human power, solutions and technology implementation grow in sophistication, so too does your advancement along the path of cybersecurity maturation.

So where do you begin? Let’s look at four different areas of OT cybersecurity organizations should focus on in 2023.

Maintaining security perimeters

Ensuring you’ve established a strong security perimeter around your OT environment is foundational to any defense-in-depth cybersecurity strategy, and a great first step in cybersecurity maturation. With ever-increasing communications between IT and OT environments, implementing a security gateway that guarantees lossless, one-way data flow is essential. Security gateways provide protection that no firewall can match; they are simple to deploy and configure, highly scalable, and as an added benefit, keep you compliant with industrial cybersecurity standards such as NIST ICS/CSF/800-82/800-53 and more.

Additionally, some security gateways add further layers of protection: built-in technologies scan data for threats before it passes through to your critical environment.

Remote access management

Living in a post-pandemic world has vastly increased the number of bring-your-own-device (BYOD) and remote access endpoints in working environments across the spectrum. Protecting your critical assets from BYOD and remote-borne cyberthreats is also critical. Implementing a strong remote access security strategy for OT goes beyond the typical firewalls and VPNs that have long been the go-to for protecting IT. With a VPN, once a user gains access to the OT network, they can inspect any asset without supervision. Should something go wrong, you have no option to end their session.

A purpose-built remote access security solution eliminates this risk. The right solution can enforce logical line-of-sight protection wherein users can only access what the policies allow them to see and nothing else. This allows you to effectively establish granular visibility and control down to the asset, protocol and the users themselves.
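The following is an added example (not OPSWAT's product code, and not from the original article) of the "logical line-of-sight" model described above: a small access broker that grants each remote user only the (asset, protocol) pairs its policy lists, denies everything else by default, records every decision for audit, and lets an operator terminate a live session. The users, assets and policy entries are constructed sample data.

```python
"""Policy-enforced OT remote access broker (added example, hypothetical).

Contrast with a plain VPN: here a connected user never sees the whole OT
network, only the assets and protocols the policy grants, and a session can
be ended by an operator at any time. All names below are constructed.
"""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Set, Tuple

# Constructed sample policy: user -> set of (asset, protocol) they may reach.
# Anything not listed is denied (deny by default).
POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "plc-vendor-tech": {("plc-07", "modbus-tcp"), ("plc-07", "https")},
    "hmi-operator": {("hmi-01", "rdp")},
}


@dataclass
class Session:
    session_id: int
    user: str
    active: bool = True
    audit: List[str] = field(default_factory=list)  # one line per decision


class AccessBroker:
    def __init__(self, policy: Dict[str, Set[Tuple[str, str]]]):
        self.policy = policy
        self.sessions: Dict[int, Session] = {}
        self._ids = count(1)

    def open_session(self, user: str) -> Session:
        # A user with no policy entry cannot even open a session.
        if user not in self.policy:
            raise PermissionError(f"no policy for user {user!r}")
        session = Session(next(self._ids), user)
        self.sessions[session.session_id] = session
        return session

    def request(self, session_id: int, asset: str, protocol: str) -> bool:
        """Decide one access request; terminated sessions are always denied."""
        session = self.sessions[session_id]
        allowed = session.active and (asset, protocol) in self.policy[session.user]
        verdict = "ALLOW" if allowed else "DENY"
        session.audit.append(f"{verdict} {session.user} -> {asset}/{protocol}")
        return allowed

    def terminate(self, session_id: int) -> None:
        """Operator kill switch: every later request on this session is denied."""
        self.sessions[session_id].active = False

    def visible_assets(self, session_id: int) -> List[str]:
        """What the user can see at all: only assets named in their policy."""
        session = self.sessions[session_id]
        return sorted({asset for asset, _ in self.policy[session.user]})


if __name__ == "__main__":
    broker = AccessBroker(POLICY)
    s = broker.open_session("plc-vendor-tech")
    print(broker.visible_assets(s.session_id))          # ['plc-07']
    print(broker.request(s.session_id, "plc-07", "ssh"))  # False: protocol not granted
    broker.terminate(s.session_id)
    print("\n".join(s.audit))
```

The audit list is what gives you the per-user, per-asset, per-protocol visibility the paragraph calls for; in a real deployment it would be shipped to a SIEM rather than kept in memory.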

OT network visibility

Simply put, you can’t protect what you can’t see — and seeing your entire OT inventory in a meaningful way is no small feat. Many OT environments comprise a wide variety of devices with different operating systems and firmware versions, different makes and models, different countries of origin, and different communication roles and patterns. You need a “smart” solution to navigate the complexities of this challenge. Look for an asset inventory and OT network visibility solution that can map your OT network infrastructure and display it in a way that’s easy to understand, and one that learns what’s normal behavior so it can alert you clearly and promptly when anomalies and potential threats are present. You want a solution that is easy for OT operators to use too; a single pane of glass with a dashboard that gives valuable insight into what’s happening and what needs to be done.

More than just providing visibility and asset management, this challenge also comes with the task of compliance enforcement. Are devices with non-compliant countries of origin trying to interact with devices on your network? When you put a solution in place for OT network visibility and asset management, you should be considering this benefit as well.
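As an added example serving both the visibility paragraph and the compliance question above (this is illustrative code, not OPSWAT's product and not from the original article), the script below learns a baseline of normal OT conversations from a training window of flow records, builds an asset inventory with vendor and country of origin from a MAC prefix table, and then raises two kinds of alerts on live traffic: conversations never seen in the baseline, and any traffic involving an asset whose origin is on a non-compliant list. The flow records, the OUI table and the "XX" origin code are all constructed sample data.

```python
"""Baseline-and-alert OT network visibility (added example, hypothetical).

Learns which (source, destination, protocol) conversations are normal, keeps
an asset inventory, and flags deviations plus non-compliant origins.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed OUI lookup: MAC prefix -> (vendor, country of origin).
OUI_TABLE = {
    "00:1d:9c": ("VendorA", "DE"),
    "00:80:f4": ("VendorB", "US"),
    "00:1e:c9": ("VendorC", "XX"),   # XX: placeholder for a non-compliant origin
}
NON_COMPLIANT_ORIGINS = {"XX"}

Flow = Tuple[str, str, str, str, str]  # (src_ip, src_mac, dst_ip, dst_mac, protocol)

# Constructed learning window: a steady state repeated 20 times.
BASELINE_FLOWS: List[Flow] = [
    ("10.0.1.10", "00:80:f4:01:02:03", "10.0.1.20", "00:1d:9c:aa:bb:cc", "modbus-tcp"),
    ("10.0.1.10", "00:80:f4:01:02:03", "10.0.1.21", "00:1d:9c:aa:bb:cd", "modbus-tcp"),
    ("10.0.1.30", "00:80:f4:01:02:04", "10.0.1.10", "00:80:f4:01:02:03", "opc-ua"),
] * 20

# Constructed live traffic: one normal flow, one new peer with a non-compliant
# origin talking to a PLC, and one known host using a protocol it never used.
LIVE_FLOWS: List[Flow] = [
    ("10.0.1.10", "00:80:f4:01:02:03", "10.0.1.20", "00:1d:9c:aa:bb:cc", "modbus-tcp"),
    ("10.0.1.99", "00:1e:c9:de:ad:01", "10.0.1.20", "00:1d:9c:aa:bb:cc", "modbus-tcp"),
    ("10.0.1.30", "00:80:f4:01:02:04", "10.0.1.20", "00:1d:9c:aa:bb:cc", "s7comm"),
]


def lookup_vendor(mac: str) -> Tuple[str, str]:
    """Vendor and origin from the first three octets; unknown if not in the table."""
    return OUI_TABLE.get(mac.lower()[:8], ("unknown", "??"))


class OtVisibility:
    def __init__(self, min_count: int = 5):
        # A conversation seen fewer than min_count times in training is not "normal".
        self.min_count = min_count
        self.conversations: Counter = Counter()
        self.inventory: Dict[str, dict] = {}  # ip -> mac, vendor, origin, protocols

    def _record_asset(self, ip: str, mac: str, protocol: str) -> None:
        vendor, origin = lookup_vendor(mac)
        entry = self.inventory.setdefault(
            ip, {"mac": mac, "vendor": vendor, "origin": origin, "protocols": set()}
        )
        entry["protocols"].add(protocol)

    def learn(self, flows: List[Flow]) -> None:
        """Training phase: populate the inventory and count conversations."""
        for src, smac, dst, dmac, proto in flows:
            self._record_asset(src, smac, proto)
            self._record_asset(dst, dmac, proto)
            self.conversations[(src, dst, proto)] += 1

    def evaluate(self, flows: List[Flow]) -> List[Tuple[str, tuple]]:
        """Detection phase: alert on unseen conversations and non-compliant origins."""
        alerts = []
        for src, smac, dst, dmac, proto in flows:
            key = (src, dst, proto)
            if self.conversations[key] < self.min_count:
                alerts.append(("NEW_CONVERSATION", key))
            for ip, mac in ((src, smac), (dst, dmac)):
                vendor, origin = lookup_vendor(mac)
                if origin in NON_COMPLIANT_ORIGINS:
                    alerts.append(("NON_COMPLIANT_ORIGIN", (ip, vendor, origin)))
        return alerts

    def summary(self) -> List[str]:
        """Dashboard-style one-liners per asset for an operator."""
        return [
            f"{ip}: {e['vendor']} ({e['origin']}) protocols={sorted(e['protocols'])}"
            for ip, e in sorted(self.inventory.items())
        ]


if __name__ == "__main__":
    vis = OtVisibility(min_count=5)
    vis.learn(BASELINE_FLOWS)
    print("\n".join(vis.summary()))
    for alert in vis.evaluate(LIVE_FLOWS):
        print(alert)
```

Real deployments derive flow records from passive taps or SPAN ports and use a much longer learning window; the point here is that both questions the article raises (is this behaviour normal, and should this device be talking to my network at all) fall out of the same inventory once it is populated.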

Removable media protection

Building data trust at the point of entry is critical to protecting your networks and the devices on them. Data from removable media enters your OT environment for a variety of necessary reasons, for instance, updating PLCs and other devices on air-gapped networks. These devices sit in different kinds of locations, each with its own protection requirements. Being able to trust that data means implementing the right kiosk and/or media firewall and storage solutions, which is crucial to keeping these devices secure.

Look for a multi-faceted removable media security solution that goes beyond basic needs. Do you need it to be mobile? Does it accept all the necessary media types? How thoroughly does it scan the media? Is the data at rest secure? These are just a few examples of the questions you should ask before choosing your solution.

The maturation of your cybersecurity strategy isn’t something that happens overnight. It’s something that takes careful planning. After all, you are solving a complex set of challenges here. Consider how the solutions you put in place ladder into each other to build a comprehensive, in-depth defensive strategy that gives you peace of mind that your business is best protected from the threats that aim to disrupt it.

Your organization’s success ultimately depends on its ability to reputably deliver on its promises. This means that comprehensive cybersecurity is far beyond being a luxury. Maturing your organization’s cybersecurity is a necessity, and something that needs to be wisely invested in to ensure that cyberthreats don’t stand in the way of delivering on the promises you intend on keeping to those you serve.


Peter Lund has a strong technical and business background with over 15 years of experience working with and for IT and OT product companies. As the VP of products, OT security at OPSWAT, he is responsible for overseeing and managing OPSWAT's growing OT and industrial cybersecurity business unit. In addition to his product management role, he utilizes a wide range of experience in application development, systems engineering and marketing.
