If you thought cybersecurity couldn’t become more of a priority, think again. Belligerent nation-states and other bad actors are expected to launch a concerted effort to steal trade secrets, disrupt services, and execute malicious programs intended to cause infrastructure outages, damage, and worse. One study found a 100% increase in nation-state incidents from 2017 to 2020. And if that’s not nerve-wracking enough, we are still dealing with ransomware, commodity malware and the like.
In today’s interconnected world, any person and any organization could be a target. That includes operational technology (OT) in the industrial space, a market with a plethora of soft targets. Unsupported PCs that no longer receive patches, flat networks built with little thought given to security, and older-generation programmable logic controllers (PLCs), the industrial computers that control manufacturing processes such as assembly lines and machines, are ripe for adversaries to compromise, especially as OT and IT converge.
As these OT components go from being stand-alone, independently operated pieces of equipment to being connected to IT networks (hello IoT!), they become entry points for attackers. And unlike attacks aimed at stealing data, those targeting industrial environments are often intended to disrupt the physical process itself. Attacks on OT therefore have the potential to cause physical harm, posing big risks to both public and employee safety. Gartner offers a grim prediction for just how quickly these types of cyber threats could be weaponized.
The good news is that there are practical things that can be done, with infrastructure already in place, to fortify OT/IT operations. Here are eight things organizations can do today to help put themselves and others out of harm’s way. The first four are obvious and the second four less so, but all of them use security features and best practices of existing investments, with no further spend required.
First Four: Obvious, but proven
1. Change default and shared passwords. Simple, yet incredibly effective: PLCs, HMIs and managed switches frequently ship with documented vendor defaults, and those are the first thing an attacker tries. Use a unique, strong password for every device and account, keep them in a password manager or vault rather than a spreadsheet taped to the panel, and reset them whenever someone with access leaves or a compromise is suspected. If you also run a reset schedule, keep it modest: current NIST guidance (SP 800-63B) no longer recommends calendar-based resets on their own, because they tend to produce predictable variations of the old password.
2. Keep user accounts current and protected. Leverage your existing Active Directory to manage permissions and controls. When employees leave the company or move to a different department, their permissions should be revoked or adjusted accordingly, and shared operator logins and service accounts on HMIs and engineering workstations deserve the same treatment, since they are the accounts nobody remembers to remove. In tandem, user accounts should be reviewed periodically to make sure the correct access controls are in place.
3. Separate administrators from operators. Admin accounts should always be closely guarded, and operators should not be able to make system changes their job does not require: running the process is a different task from changing PLC logic, firmware or switch configuration. Often such changes happen by accident, as human error plays a role, but the impact can be widely felt. Keeping the two roles on separate accounts, with admin credentials used only while an administrative task is actually being performed, keeps accidental system changes to a minimum.
4. Segment the network. You have the flexibility to decide how to break your network into smaller pieces; at minimum, controllers and HMIs should sit in their own segments, apart from business IT, with a firewall or ACL deciding what crosses the boundary. Bear in mind that a VLAN only contains an event if traffic between segments has to pass such a control point. Segmentation is an easy way to add a layer of security and to isolate incidents, and it can come with the added benefit of improved performance.
Second Four: A layered approach
5. Consider 802.1X port security and disable unused ports. With 802.1X, a switch port stays closed until the connected device authenticates (typically via EAP, with the switch relaying the exchange to a RADIUS server), so a rogue device plugged into a live port gets no access. Be aware that many PLCs and older field devices have no 802.1X supplicant; for those, MAC Authentication Bypass (MAB) is the usual fallback, but it only checks the MAC address, which is trivial to spoof, so treat it as an inventory control rather than real authentication. Disabling unused ports complements this: a port that is administratively shut down cannot be used to plug an unauthorized device into the network at all.
6. Save configuration backups offline. Any device on the system that can export a configuration file should have current and prior versions saved in a location that is not reachable from the production network, since ransomware goes after backups too. Record a hash of each saved file so you can tell a pristine backup from a tampered one before restoring it. In the case of a cyber incident or hardware replacement, those saved configurations can save you a lot of time as you get things back up and running, and a diff between the running configuration and the last known-good backup is one of the quickest ways to see what an intruder changed.
7. Disable unused services. Notice a pattern here? Be proactive so that anything not being used is disabled, because unused services are a common way for attackers to get a foothold. Typical candidates on switches and OT devices are Telnet and HTTP management interfaces, SNMP v1/v2c with default community strings, and vendor diagnostic services that were only ever needed during commissioning. Reduce your risk by simply turning them off.
8. Reassign native VLANs. Just like network segmentation, reassigning native VLANs is another opportunity to layer on additional security with equipment already in your system. On an 802.1Q trunk, frames on the native VLAN travel untagged, and on most switches that defaults to VLAN 1, the same VLAN every unconfigured access port lands on. An attacker on an access port in that native VLAN can send double-tagged frames to reach other VLANs across the trunk. Move the native VLAN on every trunk to an unused, dedicated VLAN, prune each trunk to the VLANs it actually needs, and put nothing on VLAN 1.
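Items 4, 5, 7 and 8 are all visible in a switch's running-config, so they can be checked the same way every time. The script below is an added example, not code from the article or from Wesco: it parses a constructed Cisco IOS-style configuration and reports access ports on VLAN 1, access ports without 802.1X, trunks whose native VLAN is still 1, ports left up with no description (a heuristic for "unused"), and management services that should be off. The device and interface names are hypothetical, and the "hardened" configuration is the same switch after the four items have been applied; the audit finds nothing there.

```python
# Constructed sample (not a capture from a real device): an IOS-style
# running-config for an OT cell switch before any of the eight items.
WEAK_CONFIG = """\
service tcp-small-servers
ip http server
dot1x system-auth-control
interface GigabitEthernet1/0/1
 description PLC-01
 switchport mode access
 switchport access vlan 110
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet1/0/2
 description HMI-01
 switchport mode access
 switchport access vlan 110
interface GigabitEthernet1/0/3
 switchport mode access
interface GigabitEthernet1/0/24
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
"""

# The same switch after items 4, 5, 7 and 8 have been applied (also constructed).
HARDENED_CONFIG = """\
no service tcp-small-servers
no ip http server
dot1x system-auth-control
interface GigabitEthernet1/0/1
 description PLC-01
 switchport mode access
 switchport access vlan 110
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet1/0/2
 description HMI-01
 switchport mode access
 switchport access vlan 110
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 999
line vty 0 4
 transport input ssh
"""

def parse_config(text):
    """Split an IOS-style config into top-level commands plus the sub-commands of each 'interface'/'line' block."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # block separator
        elif raw.startswith(" ") and current is not None:
            sections[current].append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            top.append(line)
    return top, sections

def audit_config(text):
    """Return (rule, where, detail) tuples for settings that items 4, 5, 7 and 8 would change."""
    top, sections = parse_config(text)
    findings = []
    for svc in ("service tcp-small-servers", "service udp-small-servers", "ip http server"):
        if svc in top:                          # item 7: management services nobody uses
            findings.append(("unused-service", "global", f"'{svc}' is enabled; apply 'no {svc}'"))
    if "dot1x system-auth-control" not in top:
        findings.append(("dot1x-global", "global", "802.1X is not enabled on the switch"))
    for header, body in sections.items():
        name = header.split(None, 1)[1]
        if header.startswith("line "):
            if any(c.startswith("transport input") and "telnet" in c.split() for c in body):
                findings.append(("unused-service", header, "Telnet accepted; use 'transport input ssh'"))
        elif "shutdown" in body:
            continue                            # administratively down: nothing can be plugged in
        elif "switchport mode trunk" in body:
            native = next((c.split()[-1] for c in body if c.startswith("switchport trunk native vlan ")), "1")
            if native == "1":                   # item 8: IOS defaults the native VLAN to 1
                findings.append(("native-vlan", name, "untagged frames ride VLAN 1; move the native VLAN to an unused one"))
        else:
            if not any(c.startswith("description") for c in body):   # 'no description' is our heuristic for unused
                findings.append(("unused-port", name, "up with no description; if unused, apply 'shutdown'"))
            if not any(c.startswith("switchport access vlan") for c in body):
                findings.append(("default-vlan", name, "access port left on VLAN 1; assign it a segment VLAN (item 4)"))
            if "authentication port-control auto" not in body:
                findings.append(("no-dot1x", name, "no 802.1X on access port (item 5); MAB only where a supplicant is impossible"))
    return findings

if __name__ == "__main__":
    print(*audit_config(WEAK_CONFIG), sep="\n")
```

Run against the weak configuration it reports eight findings, including the trunk on native VLAN 1, the HMI port with no 802.1X, the undocumented live port on VLAN 1, the small-servers and HTTP services, and Telnet on the vty lines; against the hardened configuration it reports none. The "no description means unused" rule is a heuristic and should be tuned to your own naming convention, and other vendors' syntax needs its own parser.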
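Item 6 is only useful if the saved backups can be trusted and compared. The following is an added example, not part of the article or Wesco's tooling: it keeps numbered revisions of a device's configuration with a SHA-256 manifest, refuses to pile up duplicates when nothing changed, verifies stored files against the manifest before a restore, and diffs the two latest revisions to show what changed. The device name and the two configuration revisions are constructed for the demonstration; the store is a temporary directory standing in for the offline media you would really use.

```python
import difflib
import hashlib
import json
import tempfile
from pathlib import Path

# Two constructed revisions of a switch config (not from a real device). Between
# them someone added a privilege-15 account and re-enabled Telnet: exactly the
# kind of change a diff against the prior backup should surface.
CONFIG_DAY1 = "hostname cell-sw1\nusername oper privilege 1\nline vty 0 4\n transport input ssh\n"
CONFIG_DAY2 = ("hostname cell-sw1\nusername oper privilege 1\nusername svc privilege 15\n"
               "line vty 0 4\n transport input telnet ssh\n")

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot_config(store: Path, device: str, config_text: str) -> Path:
    """Store config_text as the next numbered revision for `device` and record its
    SHA-256 in a manifest, so a backup can be checked before it is pushed back."""
    devdir = store / device
    devdir.mkdir(parents=True, exist_ok=True)
    manifest_path = devdir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else []
    data = config_text.encode()
    if manifest and manifest[-1]["sha256"] == _sha256(data):
        return devdir / manifest[-1]["file"]        # unchanged since last run: keep one copy
    path = devdir / f"rev{len(manifest) + 1:04d}.cfg"
    path.write_bytes(data)
    manifest.append({"file": path.name, "sha256": _sha256(data)})
    manifest_path.write_text(json.dumps(manifest, indent=1))
    return path

def _manifest(store: Path, device: str) -> list:
    return json.loads((store / device / "manifest.json").read_text())

def verify_store(store: Path, device: str) -> list:
    """Names of stored revisions whose bytes no longer match the recorded hash."""
    devdir = store / device
    return [e["file"] for e in _manifest(store, device)
            if not (devdir / e["file"]).exists()
            or _sha256((devdir / e["file"]).read_bytes()) != e["sha256"]]

def drift(store: Path, device: str) -> list:
    """Unified diff between the two most recent revisions (empty if fewer than two)."""
    manifest = _manifest(store, device)
    if len(manifest) < 2:
        return []
    prev, curr = (store / device / e["file"] for e in manifest[-2:])
    return list(difflib.unified_diff(prev.read_text().splitlines(), curr.read_text().splitlines(),
                                     prev.name, curr.name, lineterm=""))

def demo() -> dict:
    """Walk a temporary store through both revisions and a tampered backup; returns
    what each check reported so the behaviour can be asserted on."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        first = snapshot_config(store, "cell-sw1", CONFIG_DAY1)
        again = snapshot_config(store, "cell-sw1", CONFIG_DAY1)   # same bytes: no new revision
        snapshot_config(store, "cell-sw1", CONFIG_DAY2)
        result = {"deduplicated": first == again,
                  "drift": drift(store, "cell-sw1"),
                  "clean": verify_store(store, "cell-sw1")}
        first.write_text("hostname evil\n")                         # simulate a tampered backup file
        result["tampered"] = verify_store(store, "cell-sw1")
        return result

if __name__ == "__main__":
    r = demo()
    print("\n".join(r["drift"]))
    print("tampered revisions:", r["tampered"])
```

The diff shows the new privilege-15 account and the re-enabled Telnet as added lines, and the verification step flags the revision whose contents were altered after it was stored. For the backup to count as offline, the store must not be reachable from the OT or IT network in normal operation (removable or write-once media, or a host that only pulls and never accepts connections); a share the switches can write to is also a share ransomware can encrypt, and the manifest itself should be kept with the backups rather than on the network.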
The union of IT and OT allows access to data and control that was previously unattainable, and with it comes an increased attack surface. By deploying the eight best practices outlined above, organizations can quickly take steps to harden their infrastructure and reduce the opportunity for attackers to wreak havoc, all without spending additional dollars on cybersecurity infrastructure.
This piece was written by Matt Powers, vice president of global technology & support services at Wesco International.