DS

Detailed Notes on Operational Technology and Cybersecurity

  • Introduction to Operational Technology (OT)

    • OT plays a significant role in cybersecurity, as exemplified by the Colonial Pipeline cyberattack, which highlighted vulnerabilities in OT systems.
    • The attack was facilitated by outdated systems and weak password security.
    • Consequences included a spike in gas prices across the Southeast and the US, emphasizing how OT issues can impact all citizens.
  • Trends & Statistics

    • Annual cybersecurity reports by Fortinet reveal trends in OT-related threats by surveying over 500 professionals in organizations with OT infrastructure.
    • Rising mobile security breaches are indicative of vulnerabilities in devices like smartphones and tablets entering OT environments.
    • A noticeable increase in attacks on OT systems, in contrast to a decrease in attacks on enterprise IT, indicates OT’s growing target profile in cybersecurity.
  • Categories of OT

    • Internet of Things (IoT): Consumer devices connected to the internet, such as smart cameras and thermostats. They are often less secure and regularly introduce vulnerabilities into business networks.
    • Industrial IoT (IIoT): Tailored for business environments, potentially offering better security than traditional IoT devices.
    • SCADA (Supervisory Control and Data Acquisition): Used to manage and control industrial processes, including utilities, and represents a crucial part of OT infrastructure.
    • Embedded Devices: Devices with a fixed functionality, running operating systems designed to control specific hardware.
    • Industrial Control Systems (ICS): The systems that manage IIoT devices, crucial for controlling multi-location operations and processes.
    • Distributed Control Systems (DCS): A variation of ICS for expansive, multi-location implementations.
  • Key OT Components

    • PLCs (Programmable Logic Controllers): Essential devices that collect data, such as sensor readings, and control processes in industrial settings.
    • HMIs (Human-Machine Interfaces): Interfaces that allow users to interact with data collected by PLCs, such as touchscreen controls.
    • RTUs (Remote Telemetry Units): Devices that collect and transmit telemetry data from remote locations.
  • Cybersecurity in OT

    • Traditional IT security principles focus on the CIA triad (Confidentiality, Integrity, Availability), but OT prioritizes availability due to the critical nature of operational data (often referred to as AIC: Availability, Integrity, Confidentiality).
    • SRP (Safety, Reliability, Performance): An alternative focus in OT that emphasizes the importance of maintaining operational safety and consistency in performance over traditional information confidentiality.
  • Vulnerabilities in OT Systems

    • Many OT systems use obsolete technology, leading to heightened vulnerability due to legacy components.
    • Issues with outdated hardware and software make patching difficult.
    • Weak passwords (default credentials often remain unchanged) and physical security vulnerabilities are prominent risks in OT environments.
    • Reliance on physical access controls is critical; ineffective physical security can allow unauthorized access to OT systems.
  • Segregation of IT and OT Networks

    • Historically combined systems have led to greater risks; current best practices recommend physical and logical separation of IT and OT networks.
    • Organizations are advised against using IT credentials to gain access to OT systems to minimize the risk of lateral movement from IT breaches.
  • Best Practices for Secure OT Management

    • Implement micro-segmentation to separate different operational environments and ensure distinct access controls.
    • Conduct rigorous firewall management: establish rules to deny all traffic not explicitly permitted.
    • Utilize advanced security frameworks and monitoring tools, such as Zeek, Snort, and Security Onion, to oversee OT network activity and mitigate threats.
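As an added example (not part of these notes), the script below applies the segregation and deny-all-not-explicitly-permitted ideas to Zeek conn.log output: any flow that crosses an IT/OT or OT/OT zone boundary without a matching allow-list entry is reported. The zone layout, the allow list and the log excerpt are all constructed for the example.

```python
import ipaddress

# Constructed zone layout for this example (adjust to the real plant).
ZONES = {"it": ipaddress.ip_network("10.10.0.0/16"),
         "ot_hmi": ipaddress.ip_network("10.20.1.0/24"),
         "ot_plc": ipaddress.ip_network("10.20.2.0/24")}

# Explicit allow list as (source zone or host, dest zone, proto, dest port).
# Any flow that crosses a zone boundary and matches no entry is a violation.
ALLOW = [("ot_hmi", "ot_plc", "tcp", 502),      # HMIs poll PLCs over Modbus/TCP
         ("10.10.5.10", "ot_plc", "tcp", 502)]  # one engineering jump host only

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def is_allowed(src, dst, proto, dport):
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True  # intra-zone traffic (and untracked zones) is outside this check
    return any(rs in (src, src_zone) and rd == dst_zone and rp == proto and port == dport
               for rs, rd, rp, port in ALLOW)

def find_violations(conn_log):
    """Return (src, dst, proto, dport) for every cross-zone flow not in ALLOW."""
    fields, violations = None, []
    for line in conn_log.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]   # Zeek names the columns in this header
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split("\t")))
            src, dst, proto, dport = rec["id.orig_h"], rec["id.resp_h"], rec["proto"], int(rec["id.resp_p"])
            if not is_allowed(src, dst, proto, dport):
                violations.append((src, dst, proto, dport))
    return violations

# Constructed Zeek conn.log excerpt (tab-separated), not a real capture.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "service"),
    ("1700000000.1", "C1", "10.20.1.5", "50000", "10.20.2.10", "502", "tcp", "modbus"),   # HMI -> PLC, allowed
    ("1700000001.2", "C2", "10.10.5.10", "50001", "10.20.2.11", "502", "tcp", "modbus"),  # jump host, allowed
    ("1700000002.3", "C3", "10.10.7.22", "50002", "10.20.2.10", "502", "tcp", "modbus"),  # other IT host -> PLC
    ("1700000003.4", "C4", "10.10.5.10", "50003", "10.20.2.10", "3389", "tcp", "-"),      # jump host, but RDP
    ("1700000004.5", "C5", "10.20.2.10", "40000", "10.10.9.9", "445", "tcp", "-"),        # PLC -> IT file share
])

if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print("cross-zone flow not explicitly permitted:", v)
```

In practice the allow list is the same policy the boundary firewall enforces, so any hit here means either the firewall rules and the documented policy have drifted apart or traffic is bypassing the boundary.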
  • Regulatory Frameworks & Standards

    • Several frameworks guide OT cybersecurity, including NIST SP 800-82, IEC 62443, and industry-specific guidelines like NERC-CIP for electric utilities.
    • Organizations should familiarize themselves with these standards to ensure compliance and bolster security protocols in OT systems.
  • Emerging Threats & Vulnerabilities

    • Examples include the MySCADIMITRO and Volt Typhoon threats, indicating not just systemic vulnerabilities but also threats from nation-state actors targeting critical infrastructure.
    • The OT environment must adapt to evolving cyber threats while maintaining operational integrity and safety.