Session Title | Challenges to OT Security

The evolving and expanding nature of cyber threats. How do threats look like in future?
The future of connected OT (keeping industry 4.0 in mind) and the threats of the future.
Icebreaker: 5G as tool to hack – One may think that Factory is physically secured very tightly, so no external entity can hack internal Air Gaped wireless network. BUT landing drones on roof of factory is as if Russian/ Chinese Hacker is sitting right on your roof to hack your internal Air Gaped wireless network. In future we might need Radars to detect drones - another dimension of Intrusion Detection. Can’t predict where Offensive Security would lead in Prevention of this Intrusion.
IIoT – Industrial Internet of Things: sensors, actuators inviting more threats to OT networks
Consider Smart Cities, Rail, Roads, Stadiums etc. controlled with IIoT especially during Sports Events when whole country under lime light focus of the world while hearing recent (2021) news of OT Cyber Attacks Pipeline Operator in USA, Nuclear Facility in Iran, Power plant in India
Political regional situations igniting threats of Nation State and Activists as well as internal threats of disgruntled ex/ current employees due to Covid related economic situation
RDDOS - Ransom Distributed Denial-Of-Service Attack: Old School Ransomware are still at rise especially because of Bitcoin, but due to billions of cheap less secure IoTs, recently organizations are receiving mails from Threat Actors like: Fancy Bear (APT28), Lazarus, Armada about RDDoS or else their websites/systems will be D-DoSed up to 2Tbps DDoS attack
Threat from the Cyber Supply chain like recent famous incident (SolarWinds)
Securing threats targeting remote workforce
The challenges of the process network keeping remote workforce in mind
Mostly OT Networks should be Air Gapped from Internet or if required should be connected through Data Diode i.e. Unidirectional outbound communication only. Giving access to Remote workforce for OT environment is great challenge, especially for Vendor Support. Following are some Secure Solutions for Remote workforce/ support to meet the challenges:
Jump Servers
Digital Helmet (with camera, mic, headphones…)
Temporary Serial to Internet Connector (with VPN, Firewall etc.)
Remote configuration on isolated replica of production system in IDMZ and then replication of configurations from Replica to Production Systems
Workforce working from homes don’t have as many physical, and home network security controls so besides obvious solutions like Virtual Desktop Solutions, MFA - Multi Factor Authentication, VPN, Mobile Device Management (MDM), More focus on End Point Protection (HIPS), EDR- Endpoint Detection & Response, Application Whitelisting and User awareness to be considered.
How the changing nature of cyber-crime and app & data accessibility create risk and the essentials of application and data protection?
The importance of network segregation and robust BCP and DRP.
Remote Work force changed the security landscape totally in competition of providing each and every service to Mobile. This has increased the risks to application and data accessibility as well as privacy related compliance challenges such as GDPR.
But since cyber-crime is expanding it’s scope to OT/ ICS environment so beyond risk of data & application now we are facing the risk of loss of human life (the priceless asset), Plant Damage, Plant shutdown, production stoppage, and impacts may lead to much larger in case of cyber attack on critical infrastructure like power/ utility company, oil & gas.
Laying the Foundations for Zero Trust
Segregation again, along with IAM and PAM etc.
Long journey while balancing requirements of Availability especially environments where people work in shifts with shared credentials on legacy systems
Zero Trust with micro-segmentation, least privilege, MFA, IAM, User Behavior Analytics, Machine Learning, AI, Encryption is need of the day against threats like recent Supply Chan Cyber Attack (SolarWinds), Challenges of Remote Work, Insider Threat by disgruntled ex/ current Employees, Contractors as well as Compromised Service Providers. More focus required in cloud environment in terms of Zero Trust
Last but not the least, Zero Trust is not just technology; it’s about process and mindset as well
Digital hygiene: Key to outrun cyber threats?
The challenges related to an up-to-date infrastructure/Services and an efficient SNOC.
No silver bullet solution which fits all but top one aspect which return most in majority of the cases is Visibility.
Visibility of your all information/ IT assets and their importance/ classification
Visibility and clarity of all of your crown jewels
Visibility of all the vulnerabilities of your assets
Visibility and Intelligence of threats to your organization, similar organizations, industry, country
Visibility of your competencies & capabilities
Visibility of traffic, user behavior, machine routine & peak statistics
Visibility of deviations from routines (number of routine attacks/traffic vs abnormally increased number of attacks/ traffic)