To date, many security experts have addressed the needs of IT, IoT and OT networks separately. However, as companies embrace and drive their digital transformation, these networks and the cloud are rapidly converging.
Security and risk professionals should consider Zero Trust strategies to mitigate risk in these hybrid IT/IoT/OT/cloud environments. Starting from a ‘never trust, always verify’ mindset will limit the impact of breaches wherever they occur.
Businesses, and security teams in particular, resisted the cloud for a while. Except in very sensitive areas such as OT and nuclear power generation, this battle will largely be lost because the analytical capabilities of cloud services from service and security providers will be of so much value to operations.
The day will come when a business will be able to view all its assets on a network map, regardless of where they are or what they are. And security professionals will be able to holistically manage cyber risk across all domains and facilities.
The SolarWinds supply chain attack was the most notable attack of 2020, giving threat actors direct access to various organizations and their systems.
With all the risks associated with the supply chain, organizations must mitigate risk and improve supply chain resilience.
SolarWinds is probably the most complex intelligence operation known to the public. The resources needed to detect the development of this campaign are available only to the top 0.1% of businesses. We must therefore build resilient security architectures that will prevent commoditized breach techniques and tools and limit the impact of events like SolarWinds.
Here again, organizations should adopt a Zero Trust approach to IT operations and security tools like SolarWinds. Limit access to systems, applications and networks to only those manufacturers or consultants who need it. This way, when the next compromised software update is downloaded, the threat's communication is blocked.
Attacks on critical infrastructure are persistent and widespread, and can have a major impact on everything from business processes to revenue to human lives. The Oldsmar water plant incident is just one recent example. Going forward, we must do better to protect our critical infrastructure and reduce the impact of these risks as much as possible.
We need a comprehensive strategy to protect critical infrastructure. Governments have room to improve by increasing regulation of critical infrastructure. NERC CIP can be a model for other critical infrastructure such as water treatment systems.
Our supply chain is vulnerable to malicious actors and disruptions due to geopolitical events. Governments also have a role to play here. When it comes to cyber-attacks, there has been a significant focus on who is responsible for the attack, especially when it comes to state-connected actors.
Critical infrastructure asset owners and operators can best spend their valuable resources on limiting the impact of any breach through Zero Trust strategies and on maintaining a consistently tested incident response plan.
The recent transition of people working in corporate locations to home offices poses several challenges for security teams and companies. There are some risks associated with remote access and organizations need to improve their cybersecurity posture.
Many businesses have put together remote access solutions with the onset of the pandemic. In relation to Oldsmar, TeamViewer was probably a quick solution purchased and installed without the normal architecture and security reviews.
Oldsmar had already upgraded to a more secure remote access solution but was unable to disable the temporary TeamViewer solution.
To prevent breaches like Oldsmar, continuous asset inventory is a must.
With the Zero Trust strategy, organizations remove or turn off unused, unnecessary hardware, software and features to reduce the organization’s attack surface.
Also, with the Zero Trust strategy, we highly segment user accounts to reduce the risk of credential theft.
Securing Your IoT Devices – Context Matters
New technologies that improve business productivity and strengthen our society continue to emerge, but they also bring unknown challenges to critical infrastructure efficiency, reliability and cybersecurity.
Understanding the context of the risks these devices present is crucial to mitigating them successfully and sustainably. It is the responsibility of cybersecurity experts to advise business stakeholders on the best way forward.