Tips against cyber attacks on the manufacturing sector
With the increasing proliferation of production networks, also known as OT networks, the need for security is growing. Never before has it been so important to ensure uninterrupted availability and end-to-end protection.

Operational technology (OT) refers to hardware and software that monitor and manage physical equipment and processes. This includes industrial control systems (ICS) such as process control systems, SCADA systems, and industrial devices that are connected to the Internet.
Christopher Brennan, Regional Director DACH at Skybox Security, explains why the security of OT networks is often a major challenge and what companies can do about it: "When most OT systems were designed, little attention was paid to safety aspects. However, that has since changed fundamentally. Production networks have become attractive targets for cyberattacks, not least due to easy-to-obtain exploit kits, information on obsolete technologies that can be quickly found via the web, and new criminal business models through ransomware.
With the increasing convergence of IT and OT networks, this threat becomes even greater. Vulnerabilities and security issues provide opportunities for hackers to gain access to both networks and systematically mine critical data and assets or even disrupt vital processes.
Outdated technology, legacy systems, insecure connections, convergence with IT, organizational challenges, and limited visibility and insight make IT security for OT systems particularly challenging.
Unified approach for OT and IT networks
To ensure security in IT and OT environments, companies therefore need to know the entire attack surface of their organization. This includes physical IT and OT as well as virtual and multi-cloud networks. To gain complete visibility into the attack surface, enterprises need a four-step approach:
Disclosure: In the first phase, the detection phase, it is important to identify IT security controls, network topology and assets. On the OT side, this phase should identify DMZ devices (firewalls and other security controls), Level 3 LAN process control systems, including manufacturing systems, inventory control, and any routing equipment, and Level 0-2 assets, including information about the type and location of field devices, PLCs, and other machines, by passively collecting information about network assets and network topology.
Modeling: In the next phase, the collected data should be automatically built into a comprehensive network model that spans both IT and OT networks and also takes vulnerabilities and threats into account. Such a model provides an offline environment in which a variety of security management tasks can be performed without disrupting ongoing network operations. This is of great advantage, especially in production networks where no downtime is possible.
Analysis & Visualization: In these two phases, an interactive, visual model of the attack surface can easily identify risky but necessary connectivity in IT and OT networks, as well as in the cross-connections between the two. Similarly, compliance across the organization can be tracked and potential threats assessed through such a model. Thus, one is able to analyze the paths between the enterprise and production networks in a network model. Firewalls along these paths are identified and their rules are examined: this makes it possible to determine whether access is blocked or allowed.
To gain the insights needed to secure converged networks, solutions must fundamentally have the ability to passively capture information and comprehensively model all networked environments - including the entire OT network. An effective, unified approach solves the traditional challenges between IT and OT teams: OT engineers don't have to become security experts, and IT security managers get the insight they need to effectively understand and manage risk."
Text: Christopher Brennan, Regional Director DACH at Skybox Security
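
The path analysis described in the Analysis & Visualization step can be sketched on an offline model as follows. This is an added example, not code from the article or from any Skybox product; the zone names, addresses and firewall rules are constructed, and it assumes a flow keeps the same source address and destination port on every hop (no NAT or proxying).

```python
import ipaddress

# Constructed sample model (not from the article): zones and the firewall
# rule list on each directed link. Rule = (action, source CIDR, dest port or
# None for any port). First match wins; no match means deny.
LINKS = {
    ("enterprise", "dmz"): [("allow", "10.1.0.0/16", 443)],
    ("dmz", "level3"): [("deny", "10.1.9.0/24", None), ("allow", "10.1.0.0/16", 443)],
    ("enterprise", "level3"): [("allow", "10.1.9.0/24", 443)],  # legacy link bypassing the DMZ
    ("level3", "level0-2"): [("allow", "10.1.0.0/16", 443)],
}

def evaluate(rules, src_ip, port):
    """Return the action of the first rule matching the flow, else 'deny'."""
    ip = ipaddress.ip_address(src_ip)
    for action, cidr, rule_port in rules:
        if ip in ipaddress.ip_network(cidr) and rule_port in (None, port):
            return action
    return "deny"

def simple_paths(src, dst, seen=()):
    """Yield every loop-free zone path from src to dst in the model."""
    if src == dst:
        yield seen + (dst,)
        return
    for a, b in LINKS:
        if a == src and b not in seen:
            yield from simple_paths(b, dst, seen + (src,))

def analyze(src_ip, port, src_zone="enterprise", dst_zone="level0-2"):
    """For each path, report the first link that denies the flow (None = open)."""
    results = []
    for path in simple_paths(src_zone, dst_zone):
        blocked_at = None
        for hop in zip(path, path[1:]):
            if evaluate(LINKS[hop], src_ip, port) == "deny":
                blocked_at = hop
                break
        results.append((path, blocked_at))
    return results

if __name__ == "__main__":
    for path, blocked_at in analyze("10.1.9.20", 443):
        state = f"blocked at {blocked_at}" if blocked_at else "ALLOWED end to end"
        print(" -> ".join(path), ":", state)
```

In this constructed model the DMZ firewall blocks 10.1.9.20, but the direct enterprise-to-Level-3 link still lets the same flow reach the Level 0-2 zone, which is the kind of risky cross-connection the model is meant to surface.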