Editor’s Question: What security risks are being introduced as IT and OT networks converge?

Editor’s Question: What security risks are being introduced as IT and OT networks converge?

What security risks are being introduced as IT and OT networks converge?

Maher Jadallah, Regional Director – Middle East at Tenable, explains how IT/OT convergence can expose industrial environments to a much wider attack surface.

The convergence of the data side of the business (traditionally the realm of IT) and the operational technology (OT) side (used to manage industrial control systems (ICS)) has revolutionised our critical infrastructure. This connectivity can remove the need for a physical person to be on-site to manually make changes and instead use a computer to remotely adjust settings whenever and wherever necessary. While IT/OT convergence improves efficiency, enables predictive maintenance and reduces downtime, it also exposes industrial environments to a much wider attack surface.

Cybercriminals have infiltrated IT networks for many years, seeking to gain access to sensitive databases and assets. As we continue to connect our OT infrastructure, threat actors are seeing more possibilities to exploit vulnerabilities and exposures in legacy ICS equipment. The merging of these two previously separated environments poses a real risk by introducing even more attack vectors, while making cybersecurity threats harder to detect, investigate and remediate. In addition to the threat to data, an attack against OT systems could have physical consequences, both on the business infrastructure but also cause bodily harm.

When looking at the type of threat faced, particularly as a result of IT and OT convergence, ransomware features prominently. Cybercriminals will seek financial gain and leverage ransomware to hold these organisations hostage.

The second major threat is from inside the organisation, for example, disgruntled employees, third party contractors, compromised individuals or simply human error. Whether the intention is malicious or purely accidental, it can have the same impact. For example, a contractor that plugs a malware infected PC into a remote site.

With cybercriminals typically looking to target low hanging fruit to gain entry, it is inevitable that we will continue to see attacks aimed at the perceived least defended OT infrastructure.

The biggest challenge facing the security teams tasked with managing this complex, sensitive and expanded attack surface is visibility. Automated solutions are needed to identify and characterise converged IT/OT systems, providing a unified, risk-based view detailing what is exposed, where and to what extent across the combined IT and OT environments.

Failure to identify all systems creates blind spots where some systems are potentially insecure, thereby increasing downtime risk. When a security incident occurs, timely resolution depends on immediate availability of accurate inventory including every bit of information all the way from a device model down to the firmware version.

While it might seem overwhelming, identifying weaknesses within OT environments is critical to understanding risk. Vulnerabilities must be assessed and prioritised, based on risk and likelihood of exploitation. Those that create the most risk should be remediated either by patching or by other mitigation measures – such as changes to firewall rules.

Browse our latest issue

Intelligent CIO Middle East

View Magazine Archive