A new market report by Barracuda, The State of Industrial Security in 2022, points out over 90 per cent of organisations surveyed experienced a security incident in the last year – with less than a third of those organisations acknowledging completion of Industrial Internet of Things (IIoT) and Operational Technology (OT) security projects.
The silver lining here is that those that reported zero security incidents likely completed some IIoT/OT projects, thus emphasising that IIoT/OT projects seem to be effective. In a world where one attack can stifle or even completely disrupt business operations, organisations need to prioritise IIoT and OT security to ensure their assets are protected.
CHALLENGES IMPLEMENTING IIOT/OT SECURITY PROJECTS
As technology continues to evolve, the number of IIoT devices connecting to the internet is rapidly increasing. This shows that most organisations have plans or are implementing IIoT/OT security projects, with enterprise organisations leading the way over smaller businesses. However, these organisations face many challenges in doing so – primarily connectivity and scalability issues.
The healthcare (both public and private), wholesale, oil and gas, agriculture, forestry, and fishing industries are experiencing these challenges first-hand. Other interconnectivity security roadblocks involve long implementation times, lack of technical knowledge, high costs, dealing with legacy infrastructure and different vendors, level of security provided by the solution itself and lack of control over external devices joining the network.
Implementation challenges often lead to failed IIoT/OT security projects.
PROTECT INFRASTRUCTURE BY STOPPING LATERAL MOVEMENT
Intelligent systems connect everything – control systems, sensors, machinery and more – responding to product demands, enabling real-time optimisation of supply chain and manufacturing production networks. Increased connectivity has also exposed formerly isolated systems to the inherent dangers posed by the internet.
Devices that were once considered “safe by design” or simply not “worthy” of being hacked have become much more appealing to today’s threat actors. Changing out devices with newer and safer models is not always an option; today’s organisations have way too many devices deployed to make this a reality. Upgrading device firmware isn’t always possible, either.
Micro-segmentation is the best practice to mitigate the impact of an incident. Isolating potentially vulnerable network devices and only allowing legitimate network traffic is essential to stop lateral movement when an attack hits infrastructure. This involves implementing segmentation between IT and OT and introducing additional segmentation (micro-segmentation) on the OT network, providing the best possible protection by isolating every single device or small groups of devices.
Besides micro-segmentation, organisations should keep the infrastructure and devices fully patched and up-to-date. Security updates can be done manually and internally or via automation through a third-party service provider or a device manufacturer. Every IIoT device also needs a firewall to provide full security and connectivity to industrial control systems, connecting operational technology networks with information technology networks.
REMOTE ACCESS REQUIRES ROBUST SECURITY
Organisationally, internal and external users access OT environments remotely. This frequent use of remote access mechanisms requires strong security, highly performing endpoint devices and multifactor authentication (MFA) measures. However, many organisations that allow full network access don’t have MFA in place. The state of industrial security in 2022 report found that less than 20 per cent of organisations restrict network access and have MFA in place for remote access into OT networks. This situation should never happen in critical sectors and should be addressed immediately.
Given the sensitive nature of these environments, organisations should take every precaution to keep them as secure as possible. IIoT/OT projects for remote access should use Zero Trust solutions that include MFA as a preferred solution, VPN or SSL-VPN where necessary and only with network traffic inspection and access restrictions. Host access to RDP or other screen sharing tools should be avoided – especially given the implications if their devices are compromised.
THE PUBLIC CLOUD IS NOT A SECURITY RISK
The adoption of the public cloud is widespread in some industries but is still being worked on in others. In the government sector, where the use of IIoT tends to be for managing critical infrastructure, the use of the public cloud is very high. Healthcare, mining and metals, agriculture, forestry and fishing, biotechnology, chemicals and pharmaceuticals, and wholesale verticals are on the other end of the spectrum.
Companies using the public cloud are more willing to adopt new technology and edge computing and invest in security.
IIOT/OT SECURITY IS VITAL
In today’s uncertain geopolitical environment, people and organisations are highly concerned with potential cyberattacks – everything from web application attacks to distributed denial-of-service (DDoS) attacks and everything in between. Just one successful supply-chain attack can have wide-reaching, catastrophic impacts.
The high level of incidents stresses the need for IIoT/OT security in every sector – to adequately protect all organisations. Unfortunately, IIoT/OT security currently requires a lot of improvement.
Effective solutions to IIoT security challenges are out there – secure endpoint connectivity devices and modern network firewalls – centrally managed and deployed through secure cloud services. And they’re enabling effective network micro-segmentation and advanced threat protection while providing MFA and implementing Zero Trust Access.
Not without hurdles, IIoT/OT security projects can effectively protect organisations and should be prioritised.