Report: Critical Infrastructure Cyber Attacks A Global Crisis

The systems we rely on to keep the lights on, heat our homes, make our medicines and move our goods are increasingly connecting to the Internet, and increasingly vulnerable to devastating cyber attacks in what a new report calls a looming “global crisis.”

The new research by cybersecurity firm Claroty finds information technology (IT) and operational technology (OT) converging at a faster pace, leaving firms to accommodate a remote workforce in ways that undermine the security of both IT and OT environments.

The Internet welcomes OT

A strong majority (55%) of 1,100 IT and OT security professionals surveyed said that their organization was more of a target of a cyber attack since the onset of the pandemic. More than two-thirds (70%) said that they have seen cyber criminals deploying new attack techniques since the start of the pandemic.

One reason may be the rapid convergence of IT and OT systems and networks, in part because of accommodations made due to the pandemic. Critical infrastructure operational technology was already interconnecting more widely with IT and the Internet in recent years, but the COVID-19 pandemic has cranked the convergence to warp speed, Claroty said.

According to Claroty’s findings, 67% of respondents, made up of security professionals in critical infrastructure sectors, said their IT and OT networks have become more interconnected since the pandemic began. More than 75% expect they will become even more so as a result of the changes brought about by coronavirus, leaving only 2% who said their IT and OT were completely disconnected.

The longstanding security issue between IT and OT is that they have traditionally served different goals, which has led to different uses and security practices for each. One example is timescales. While it makes sense for a new model of computer or software to come out yearly or monthly, it makes little sense to swap out industrial equipment frequently. Yaniv Vardi, CEO of Claroty, tells the Security Ledger that “connecting an OT environment to the IT network means introducing an operating system that might be nearly old enough to vote, with no means of patching its vulnerabilities.”

Coronavirus Adds a Wrinkle

Malicious cyber actors are attuned to the vulnerabilities brought about by both IT/OT convergence and COVID-19.

Hackers are adapting to how firms are acting in a world impacted by the virus, and exploiting vulnerabilities where they see them. The pharmaceutical industry is a prime example: its research to develop vaccine candidates paints a bullseye on its back, since stopping production would have a much higher cost than paying a small ransom. Globally, 56% of respondents (52% in the US) say they are facing increased threats since the advent of the COVID-19 pandemic, with pharmaceutical, oil and gas, electric utilities, and manufacturing being most at risk.

In an attempt to make these corporations pay up, Vardi notes that cyber criminals are increasingly using targeted ransomware attacks, citing “the highly disruptive ransomware attack against the major automotive manufacturer Honda in June, which disrupted global operations, including manufacturing processes, thus demonstrating how a more deliberate infection strategy can culminate in highly damaging attacks.”

Securing the OT Digital Revolution

All of these factors considered, firms remain optimistic about their security postures. Claroty found that two thirds of respondents said their transition to remote work was “seamless.” Vardi says this agility is a “testament to the fact that an increasing number of organizations have been prioritizing digital transformation initiatives over the last few years.” He points to trends such as growing globalization and cloud computing allowing businesses to pivot as remote work becomes increasingly necessary.

From a technical perspective, monitoring OT network traffic for threats is an important and simple way to stay prepared and thwart attacks. Organizationally, breaking down silos between the traditionally disconnected IT and OT security practitioners is equally important for maintaining best practices.

The convergence of IT and OT is not likely to unravel anytime soon, leaving the continuation of society’s most important functions in the hands of security professionals.