Critical infrastructure systems underpin many of the services that are fundamental to daily life, whether communications, healthcare, transport or energy supply. It is no surprise that they are attractive targets for bad actors seeking to cause significant disruption for political, ideological or financial gain.
Earlier in November, DP World Australia, one of the world’s largest port operators, suffered a security breach that forced it to shut down systems and restricted access to four of Australia’s biggest ports. The closure disrupted its supply chain operations for several days, with the ports largely unable to move goods. In the same month, Singapore’s public healthcare institutions experienced a distributed denial-of-service attack that caused a seven-hour disruption to their web services. Fortunately, critical systems for clinical operations remained accessible during the period and the delivery of patient care was unaffected.
As attacks on critical infrastructure intensify, organisations must maintain a comprehensive cybersecurity posture to defend their networks and infrastructure. This starts with securing their information technology (IT) systems and, increasingly, their operational technology (OT) systems, which are critical to the functioning of many industries.
As OT systems are connected to corporate networks and the internet, and as attacks on IT systems continue to proliferate and mature, attackers are extending the same tactics to OT targets. Unlike IT systems, OT systems control physical processes and equipment, so a cyberattack on OT can have consequences that go well beyond a data breach, affecting the safety and availability of critical infrastructure. With legacy systems often the weakest link in an environment, OT security must not be overlooked but prioritised alongside IT security.
Managing the IT-OT cybersecurity gap
Consolidating the management of OT and IT systems can help organisations secure their OT against cyberthreats. Integrating the two domains, however, comes with a fundamental challenge: the disparity in security controls between them. Many OT systems depend on legacy architectures and industrial protocols that natively lack modern security features such as authentication and encryption, so commands are often accepted from any host that can reach the device. The decentralised structure of OT networks also makes it difficult for organisations to attain full visibility of their environment, and without that visibility threats are harder to detect and respond to, leaving the systems more susceptible to attack.
While integrating IT and OT systems into a unified stack allows more comprehensive monitoring and streamlined analysis, it is not without risk. Security teams must also account for maintenance constraints: OT systems typically rely on proprietary protocols and require remote access connections for vendor maintenance, which are hard to reconcile with IT security requirements such as strong authentication and monitoring of privileged sessions. Consequently, if a system’s security requirements cannot be met, upgrading may not be an option and replacement could be necessary.
IT-OT convergence best practices
With a better understanding of the differences between IT and OT systems, organisations should focus on bolstering the three key fundamentals – people, processes, and technology – to fortify their critical infrastructure security.
- Facilitate collaboration across IT-OT working groups
Employees are the frontline defence in safeguarding critical infrastructure systems. Organisations can take a proactive approach by bringing IT and OT departments together and fostering a shared understanding of both environments. Collaborative initiatives such as cross-training across IT-OT working groups help set clear overall objectives and define the roles and responsibilities of each team. This simplifies management of the converged environment and improves overall operational efficiency.
- Integrate and standardise data between IT-OT systems
IT-OT convergence helps break down data silos and improve connectivity between the two environments, so the key lies in consolidating the management of both. Standardised data management, including common event formats, synchronised timestamps and consistent asset identifiers, ensures that events from both sides can be read together, which in turn supports a cohesive cybersecurity strategy. Through data integration, organisations can optimise their operations and gain real-time visibility for early detection of potential threats.
- Implement SIEM security software
Cybersecurity tooling can provide real-time threat monitoring, detection and response across both IT and OT environments. For instance, security information and event management (SIEM) software gives organisations a single, centralised point of visibility in real time, closing the blind spots between the two environments rather than leaving OT events unmonitored. Organisations can then correlate and analyse security events across IT and OT with ease.
To reduce the impact of IT and OT attacks, it is critical to understand an attack from multiple angles. With the SIEM as the information hub of the security operations centre (SOC), threats can be analysed from different perspectives, such as network behaviour, user and entity behaviour, and threat intelligence from third parties. The SIEM platform, or an orchestration (SOAR) layer attached to it, can qualify threats and their impact and respond automatically according to the playbook assigned to that type of attack. Automated response lets organisations act quickly and consistently against IT and OT attacks. One caveat applies on the OT side: a playbook that blocks traffic to or isolates a controller can itself halt a physical process, so automated actions against OT assets should be limited to alerting and to containment on the IT side (for example, terminating the remote access session) unless an OT engineer has approved the action in advance.
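As an added example, not code from the article or from any SIEM vendor, the following Python sketches the cross-domain correlation described above: OT write commands seen by a passive sensor on the plant network are joined to remote access logins from the IT side, and each match is assigned a playbook. The log formats, IP addresses, the maintenance window and the playbook actions are constructed assumptions chosen to illustrate the logic, not any product's schema.

```python
"""Cross-domain correlation of IT and OT events, as a SIEM rule would run it.

Added example for this article, not code from the article or from any SIEM vendor.
Event formats, addresses, the maintenance window and the playbook actions are
constructed assumptions chosen to illustrate the correlation logic.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Modbus/TCP function codes that change state on a controller (write coil/register).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16}
MAINT_WINDOW = (2, 4)                        # assumption: approved maintenance 02:00-04:00
KNOWN_ENGINEERING_HOSTS = {"192.168.50.2"}   # assumption: the plant's own engineering station

# Constructed sample events. IT side: remote-access (VPN) logins from the identity/VPN logs.
IT_LOG = [
    {"ts": "2024-03-04T22:01:10", "type": "vpn_login", "user": "vendor-svc", "src_ip": "10.8.0.23"},
    {"ts": "2024-03-05T03:12:44", "type": "vpn_login", "user": "ot.engineer", "src_ip": "10.8.0.41"},
]
# OT side: Modbus/TCP commands observed by a passive network sensor on the plant network.
OT_LOG = [
    {"ts": "2024-03-04T22:02:30", "type": "modbus", "src_ip": "10.8.0.23", "dst_ip": "192.168.50.10", "func": 6, "reg": 40001},
    {"ts": "2024-03-04T22:02:31", "type": "modbus", "src_ip": "192.168.50.2", "dst_ip": "192.168.50.10", "func": 3, "reg": 40001},
    {"ts": "2024-03-05T03:15:00", "type": "modbus", "src_ip": "10.8.0.41", "dst_ip": "192.168.50.10", "func": 16, "reg": 40010},
    {"ts": "2024-03-05T10:00:00", "type": "modbus", "src_ip": "192.168.50.77", "dst_ip": "192.168.50.11", "func": 5, "reg": 1},
    {"ts": "2024-03-05T10:05:00", "type": "modbus", "src_ip": "192.168.50.2", "dst_ip": "192.168.50.11", "func": 6, "reg": 40002},
]

# Playbooks: containment is automated on the IT side (the remote session) only. Nothing here
# blocks or isolates a controller, because doing so can itself stop the physical process.
PLAYBOOKS = {
    "remote_write_outside_window": (
        "terminate VPN session", "disable remote account pending review", "page OT on-call engineer"),
    "remote_write_in_window": ("notify OT on-call engineer", "attach session to change ticket"),
    "unknown_writer": ("page OT on-call engineer", "capture full pcap from plant sensor"),
}


@dataclass(frozen=True)
class Alert:
    kind: str
    severity: str
    src_ip: str
    dst_ip: str
    user: str | None       # identity from the IT side, if the source was a remote session
    ts: str
    actions: tuple[str, ...]


def _in_maintenance_window(t: datetime) -> bool:
    return MAINT_WINDOW[0] <= t.hour < MAINT_WINDOW[1]


def _recent_login(logins: list[dict], src_ip: str, t: datetime, lookback: timedelta) -> dict | None:
    """Most recent VPN login from src_ip within `lookback` before the OT event."""
    match = None
    for lg in logins:                         # logins are sorted ascending by time
        age = t - datetime.fromisoformat(lg["ts"])
        if lg["src_ip"] == src_ip and timedelta(0) <= age <= lookback:
            match = lg
    return match


def correlate(it_events: list[dict], ot_events: list[dict],
              lookback: timedelta = timedelta(minutes=30)) -> list[Alert]:
    """Join OT write commands to IT remote-access sessions and pick a playbook."""
    logins = sorted((e for e in it_events if e["type"] == "vpn_login"), key=lambda e: e["ts"])
    alerts: list[Alert] = []
    for ev in ot_events:
        if ev["type"] != "modbus" or ev["func"] not in MODBUS_WRITE_FUNCS:
            continue                          # reads are normal polling traffic
        t = datetime.fromisoformat(ev["ts"])
        session = _recent_login(logins, ev["src_ip"], t, lookback)
        if session is not None:
            kind = "remote_write_in_window" if _in_maintenance_window(t) else "remote_write_outside_window"
            severity = "medium" if kind == "remote_write_in_window" else "high"
            alerts.append(Alert(kind, severity, ev["src_ip"], ev["dst_ip"], session["user"], ev["ts"], PLAYBOOKS[kind]))
        elif ev["src_ip"] not in KNOWN_ENGINEERING_HOSTS:
            # a write from a host with neither a remote session nor a known engineering role
            alerts.append(Alert("unknown_writer", "high", ev["src_ip"], ev["dst_ip"], None, ev["ts"], PLAYBOOKS["unknown_writer"]))
    return alerts


if __name__ == "__main__":
    for a in correlate(IT_LOG, OT_LOG):
        print(f"[{a.severity}] {a.kind} {a.ts} {a.src_ip}->{a.dst_ip} user={a.user} actions={a.actions}")
```

Run against the constructed logs, the rule raises three alerts: a vendor session writing a register at 22:02 outside the maintenance window (high, with the VPN session terminated), an engineer's write inside the window (medium, notify and attach to a change ticket), and a write from a host with no remote session and no engineering role (high). The read at 22:02:31 and the write from the known engineering station produce nothing. Note that the OT-side actions are all notify-or-capture; the only automated containment acts on the IT-side remote session, which reflects the caveat above.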
In today’s volatile environment, cybercriminals are no longer limited to targeting IT systems and are exploring other avenues to cause physical disruption. Organisations must embrace collaborative security measures and adopt a unified approach to IT and OT security to strengthen their defences. Narrowing the security disparity between IT and OT systems is the first foundational step in this endeavour.