Security News
The sharp increase in attacks on operational technology systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals. The lack of success on the defense side can be attributed to several factors: the complexity of OT environments, the convergence of information technology and OT, insider attacks, supply chain vulnerabilities, and others.
Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber incidents. Operational risk in OT and IoT. Cybersecurity incidents continue to disrupt production, with companies like Clorox reporting product shortages a month after disclosure.
Escalating threats to operational technology have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap.
Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT...
"Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents," said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.
"Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents," said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.
MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology. The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency to increase the resiliency of critical infrastructure.
From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. Can you comment on the challenge of creating disparate security systems for OT environments considering the variety of OT protocols? How does the difference in standardization between IT and OT systems add to this complexity?
A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology environments. "Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology infrastructure at risk of attacks, such as remote code execution and denial-of-service," Vladimir Tokarev of the Microsoft Threat Intelligence Community said in a report.
Still, most CISOs have made their mark securing IT environments - and IT security strategies and tools rarely translate to an OT context. While the soft skills of collaboration and team-building will certainly help CISOs as they bring the factory floor into their realm of responsibility, they must also make a concentrated effort to understand the OT landscape's unique topography and distinctive security challenges.