Securing OT key to unlocking Australia’s manufacturing vision in an ever-growing threat landscape
Evan Thomas, Channels Director, Armis
The recently unveiled ‘Future Made in Australia’ heralds an exciting new chapter for local manufacturing. The Australian government is committing to partnering with the private sector to build new industries that protect against unreliable foreign supply chains.
However, one critical area for success is a concurrent commitment to manufacturing’s cyber resilience. Managing the cyber threat landscape is crucial to realising the potential of the FMIA vision and the future success of Australia’s manufacturing sector, because cyber threats continue to escalate alongside the industry’s dependence on Operational Technology (OT) and Industrial Control Systems (ICS). It is vital for businesses to deploy better cybersecurity platforms and protocols if they are to mitigate the risk posed by cyber criminals.
Securing OT and IT in ICS and Manufacturing environments
The challenge with OT environments is that they are increasingly being connected to traditional enterprise IT and wireless networks. No longer ‘air gapped’ or isolated, control systems are at higher risk of compromise.
This is because threat actors now have the opportunity to breach OT systems through IT networks, particularly as OT typically lacks adequate security measures to protect against attack.
To complicate matters further, OT devices in industrial and manufacturing environments have no built-in security. It is also not possible to install an agent on many legacy devices, as they were designed by manufacturers operating on the now-invalid assumption that these devices would never be connected to other networks.
Unfortunately, the convergence of IT and OT means this is no longer the case, exposing OT devices to numerous threats. Without security capabilities designed with all types of assets (OT, IT and IoT) in mind, practitioners have limited visibility into which devices are on their networks, what risk each device poses to the business, and whether any device is displaying abnormal activity that could point to an active threat or an exploitation attempt.
Without such capabilities in place, security leaders will struggle to assure the business that they can detect a cyberattack with OT impact, safeguard operations and restore them within service level expectations.
Risks to OT
The number of vulnerabilities in OT devices continues to rise and, as a result, breaches of operational infrastructure are growing. Many of these vulnerabilities are associated with software on the devices, such as URGENT/11, a set of 11 zero-day vulnerabilities that impacted various real-time operating systems (RTOS). Real-time OSes are used by SCADA systems, industrial controllers, Programmable Logic Controllers (PLCs), elevators, firewalls, routers, satellite modems, VoIP phones, printers, etc.
If exploited, attackers could take over mission-critical industrial and healthcare devices, bypassing traditional perimeters and security controls. With one device compromised, threat actors could move laterally to compromise others quickly and easily, spreading rapidly throughout a system and causing immense damage.
The ways in which cyber criminals can impact OT environments include altering process automation (which can degrade product quality), stopping production lines, interfering with safety controls, or even locking operators out of breached networks.
How to successfully secure OT and ICS
Security teams understand the urgency of securing OT environments in an ever-growing threat landscape; however, this can’t be achieved with traditional security tools that aren’t compatible with OT devices.
A different, holistic approach is required, one designed for both managed and unmanaged devices, which must:
- Be agentless, i.e. function without relying on agents that cannot be installed on these devices.
- Be passive, i.e. function using only passive technologies, since any system that relies on active scans or probes can disrupt and even crash OT devices.
- Have comprehensive security controls that meet most of the important cybersecurity goals specified by the NIST CSF or the CIS Critical Security Controls. This typically requires a variety of security tools; in the best case, the required controls are covered using as few tools as possible.
- Have comprehensive device coverage, including all unmanaged and industrial IoT devices within the enterprise. Managers can’t secure OT unless IT is also secured, by a security platform that works across all types of industrial control systems.
- Have comprehensive communication coverage that directly monitors every communication pathway an attack could use. This includes Ethernet, Wi-Fi, Bluetooth and BLE.
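To make the agentless, passive points above concrete, here is an added illustration (not Armis code or any product’s logic) of a passive asset inventory built purely from traffic a sensor observes on a SPAN/mirror port, never from probes, together with a baseline check that flags a never-seen host talking to a controller and a known device using a protocol it never used before. All MACs, addresses and flow records are constructed sample data.

```python
# Added illustration, not Armis code: passive OT inventory and baseline deviation
# check. Input is observed flow records only; nothing is ever sent to a device.
from collections import defaultdict

# Constructed sample flows (src_mac, src_ip, dst_ip, dst_tcp_port) as a passive
# sensor would see them during a learning window; all values are hypothetical.
BASELINE_FLOWS = [
    ("aa:bb:cc:00:00:01", "10.1.1.10", "10.1.1.50", 502),   # HMI -> PLC (Modbus/TCP)
    ("aa:bb:cc:00:00:01", "10.1.1.10", "10.1.1.51", 102),   # HMI -> PLC (S7comm)
    ("aa:bb:cc:00:00:02", "10.1.1.20", "10.1.1.50", 502),   # engineering workstation -> PLC
]
# Later observation window: same traffic plus three new flows.
LIVE_FLOWS = BASELINE_FLOWS + [
    ("aa:bb:cc:00:00:02", "10.1.1.20", "10.1.1.51", 502),   # known host, known protocol
    ("de:ad:be:ef:00:99", "10.2.7.33", "10.1.1.50", 502),   # never-seen host reaches a PLC
    ("aa:bb:cc:00:00:01", "10.1.1.10", "10.1.1.50", 22),    # HMI starts SSH to a PLC
]

# Well-known industrial protocol ports used to label what we observe.
OT_PORTS = {502: "modbus", 102: "s7comm", 44818: "enip", 20000: "dnp3"}

def build_inventory(flows):
    """Map each source MAC to the set of (destination, port) pairs it was seen using."""
    inventory = defaultdict(set)
    for mac, _src, dst, port in flows:
        inventory[mac].add((dst, port))
    return inventory

def device_roles(flows):
    """Infer a coarse role passively: hosts receiving OT-protocol traffic are
    controllers; hosts initiating it are supervisory (HMI / engineering)."""
    roles = {}
    for _mac, src, dst, port in flows:
        if port in OT_PORTS:
            roles.setdefault(dst, "controller")
            roles.setdefault(src, "supervisory")
    return roles

def find_deviations(baseline, live):
    """Return alerts for (a) unknown devices talking to OT ports and
    (b) known devices using a protocol absent from their baseline."""
    base = build_inventory(baseline)
    alerts = []
    for mac, src, dst, port in live:
        if mac not in base:
            if port in OT_PORTS:
                alerts.append(("new-device-to-ot", mac, src, dst, OT_PORTS[port]))
            continue
        if port not in {p for _, p in base[mac]}:
            alerts.append(("new-protocol", mac, src, dst, OT_PORTS.get(port, f"tcp/{port}")))
    return alerts
```

A new destination reached with an already-baselined protocol is deliberately not flagged here, which keeps the check quiet during normal engineering work; a stricter deployment would baseline (device, destination, protocol) triples instead.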
As Australian organisations embrace our new national manufacturing priorities, it is becoming increasingly vital to obtain full visibility of all devices connected to their networks, while securing both IT and OT environments with an agentless approach.
This will allow them to detect suspicious behaviour before threat actors manage to launch any large-scale attack, and to avoid operational downtime and loss of reputation even when the attack originates in the IT environment.
With the growing threat facing industries and organisations of all sizes, now is the time to ensure that your security program is enabling and maintaining secure, resilient OT operations.