Richard Blech

Rise in Low-Sophistication OT Breaches

IT/OT convergence has been a necessary progression of the industrial environment in the digital age. However, while industrial enterprises have been pursuing greater efficiency in their OT systems through digitization, there has been a concerning lack of vigilance in addressing the increased need for enhanced security for the now-online OT. OT and industrial control systems (ICS/SCADA) are at very real risk when connected to the internet.


An OT system can be more vulnerable than an IT system because it may not receive necessary updates and upgrades as often as needed. It is also more likely to have inadequate security controls and monitoring in place. With these factors combined, the OT system becomes a prime target for a hacker, regardless of the hacker's skill.


The fact that low-sophistication attacks are rising in number as low-skilled hackers take advantage of the gaps in OT security is concerning by itself. However, it is the potential for more serious fallout, such as the threat to national security when critical infrastructure is hit, that should cause even more concern.


Industrial enterprises are unable to rely on conventional data security solutions, including standard encryption or PKI, for OT security; these measures are not applicable in OT infrastructure because they cannot comply with industry protocols and standards (e.g. four-millisecond latency requirements). This is also why many vendors that provide security solutions for OT networks prioritize monitoring of the systems rather than providing solutions that protect the data that travels between the PLC and the HMI. As a result, the default for many industrial enterprises is to meet a cyberattack only by executing a response and recovery plan after the fact. Hackers of all skill levels are well aware of this, and the promise of relatively easy clout and/or financial gain is motivating.


Unfortunately, industrial enterprise leaders should expect breaches to continue and grow in number as long as they fail to deploy preventative OT security solutions alongside security best practices. Securing the data that traverses OT networks requires cryptographic technology that can work with legacy systems and provide enhanced encryption and user authentication for all access vectors, all while complying with standards and regulations.


The hackers executing the low-sophistication attacks on OT systems will continue to glean valuable insight from their endeavors; their attacks are already becoming more refined. These same systems are also vulnerable to other, better-equipped, more skilled and more highly motivated hackers, such as state-sponsored entities with more nefarious motives, who may view exploiting the security vulnerabilities of the control processes that oversee critical infrastructure as a viable option in a conflict. Industrial enterprise leaders, particularly those who maintain and manage critical infrastructure, should be learning from these attacks as well and seeking OT security solutions that can prevent breaches.


The growing prevalence of low-sophistication OT attacks highlights the fact that the data security measures currently in place are lacking and have vulnerabilities that are ripe for attack. In many cases, while OT has been progressing, the security for those systems has not kept pace. As long as the OT security of an industrial enterprise lags behind the progress of its IT/OT convergence, data breaches in industrial environments are likely to increase.