
Threats to OT and Effective Mitigation Strategies

Why has OT security suddenly become a hot topic?

We live in a rapidly changing, digital world where companies are delivering increasingly complex Information Technology (IT) and Operational Technology (OT) business solutions. The key objective in Digital Transformation is to find efficiency and productivity gains that significantly impact the bottom line.

Across industry sectors, we see businesses blending aging infrastructure that should never have been networked with new equipment and technology, making it harder to maintain. The more devices on a network, the greater the attack surface, inadvertently putting data, people, processes and critical infrastructure at risk.

Software exploits designed to infect corporate IT networks, threatening data and finances, can quickly spread to operational networks and even industrial control system networks. This can cause large-scale disruptions, shut down critical infrastructure and even threaten human lives.

We hear about these attacks all the time. Recent examples include the Oldsmar, Florida breach, where a hacker gained access to the water treatment system and attempted to increase sodium hydroxide levels, putting thousands of city residents at risk of poisoning. Then there was the breach of Norsk Hydro, one of the world’s largest aluminum producers; similarly, the ransomware attack on Australian beverage producer LION forced it to halt production, affecting customers, suppliers and the entire supply chain.

These attacks on industrial control systems operating in different verticals demonstrate time and time again the high importance of OT Security.

OT security needs a new approach

The convergence of IT, OT and industrial control system (ICS) networks demands a new approach to security that takes into account every aspect of a business – from data, people, infrastructure and industrial control system networks to manufacturing processes, distribution and the supplier network.

The need to embed extended cybersecurity procedures will become even more critical with the imminent rollout of 5G, facilitating an explosion of data from OT, IT and IoT networks. While companies will reap the benefits of quickly collecting, analyzing and managing large amounts of data to achieve productivity improvements, hackers will also have ample opportunities to breach networks.

Breach risks are no longer limited to data and financial loss… they extend to disruption of production processes and supply, and even potential injury or loss of human life.

Challenges of OT and IT convergence

One of the biggest challenges for businesses today is to create a unified cybersecurity strategy that takes into account the goals and priorities of every part of the organization. The difficulty stems from the disconnect between IT and OT managers.

Challenges in the Security Operations Center

An IT security professional who does not fully understand how a plant operates may not realize the downstream impact of isolating an area of the plant to perform a security upgrade. Performing regular maintenance or emergency patching will result in lost production, missed deadlines and even on-site confusion if not properly planned.

Challenges on the ground

On the other hand, without a clear understanding of cyberattack threats, those in the field may not realize the impact an attack could have on productivity. For example, a rapid shutdown of the plant could result in wasted resources, failure to fulfill customer orders, and major reputational and financial damage. Staff may not realize that a cyber attack that disrupts equipment can lead to accidents and even fatalities.

In addition, they may not realize that unless measures are taken to protect infrastructure against cyber attacks, the company could be held liable for damages to its employees or third parties.

The security threat is real, but they may perceive the possibility of an attack as a risk worth taking in the name of continuous production.

Security is not an option; it is a legal obligation

Recognizing the increasing risks and impacts of cyber-attacks on critical infrastructure assets in the public and private sphere, the Turkish Government is currently amending the Security Legislation law.

Important recent regulations in Turkey, such as the current Presidential Circular No. 2019/12 on “Information and Communication Security Measures” and the Information Security Guide published by the Presidential Digital Transformation Office in July 2020, require critical infrastructures and industrial control systems to demonstrate their ability to detect and block cyber threats and use approved solutions. However, ever-changing threat profiles require operators to increase their adaptability for compliance and be proactive in creating their own customized cybersecurity roadmaps.

Businesses with critical infrastructure assets should do the following:

  1. Adopt and maintain a critical infrastructure risk management program to manage and mitigate risks by applying an all-hazards approach.
  2. Gradually harmonize existing information technology infrastructures with these principles, within the framework of the plan to be included in the Guide following its publication, taking into account the security level priorities.
  3. Conduct cyber security audits and submit the audit results, together with the corrective and preventive actions taken, to the Digital Transformation Office as a report in accordance with the procedures and principles specified in the Guidelines.

Effectively, this legally obliges companies to have a cybersecurity program in place to mitigate the risk of cyberattacks and manage the isolation, repair, reporting and re-establishment of processes with minimal disruption.

Indeed, the effects of a cyber attack are far-reaching. If an accident happens and death results from the attack, it doesn’t matter how it happens; your organization must take the necessary steps to identify the risk of a cyber incident happening.

Therefore, as part of your cybersecurity process, you need to identify risks, assess the likelihood of an incident occurring, take steps to mitigate, monitor and manage risks, and report an incident.

Following an incident, you need to take action to change the situation, and when new equipment is installed or new people arrive on site, you must provide appropriate training to ensure that everyone understands the processes and controls.

Governments must participate in the solution

While some organizations have found it more difficult to focus the attention of their boards on the need for infrastructure security and justify the expense required to do so, the amended security law should make this a thing of the past.

When administrations understand that they have a legal responsibility to establish a cybersecurity program, they will understand that the risk is real, as is the threat to security, data, finance, third parties and production.

So how do you implement a cyber security program?

When you talk about protecting your OT and IoT, you are talking about maintaining flexibility and productivity… and all of this is achieved through security.

Designing and implementing an effective cybersecurity process to protect your industrial infrastructure requires a deep understanding of your production facilities. You need to know where assets are located and who runs them, the skills and priorities of operators and engineers. When studying the supply chain, you need to see unfinished products coming in, finished products going out. Next, you need to familiarize yourself with the Purdue model for industrial control processes. This industry-adopted reference model shows the interconnections and interdependencies of all major components within a typical industrial control system and highlights the levels of protection needed across the network.

Importantly, you need visibility of all operations so that you can identify when a process is out of the norm. You need to understand the impact of a shutdown on every aspect of the plant and business and develop a recovery plan to guide the organization to minimize loss in the event of an attack and shutdown – you need to know which parts of the plant will be restored and in what order.

The volume and speed at which production processes take place really brings the true impact of disruption into perspective. When entire plants stop working all at once, hundreds of thousands of products on the line may have to be discarded. This is a huge impact.

You can gain a full understanding by getting to know the operations teams who start and stop systems from scratch. When you work through the processes with these teams and explain what you are doing and why, your cyber security process ends up clearly documented.

“If you can’t see it, you can’t protect it.”

Invest in smart OT/IoT security

As well as clear processes, businesses need to be equipped to monitor, detect and respond to incidents and, more importantly, be able to report them in accordance with existing legislation. This is something that global cybersecurity provider Fortinet offers.

Recognized in Gartner Peer Insights Customers’ Choice 2021, the company’s portfolio of tools and technologies enables coordinated threat detection and policy management across the entire digital attack surface, even as environments increasingly converge at the edge, clouds, endpoints and users.

To stay on top of the convergence of IT, OT and IoT, you need to be well-informed. That’s why Nozomi Networks has experts who do this on behalf of businesses, providing the intelligence needed to ensure the security operations team can “point their guns in the right direction”.

As increasing convergence presents greater threats, vulnerabilities, risks and anomalies, the value of being able to monitor networks with speed and expertise will continue to grow. To this end, the company is developing AI and machine learning to detect activity outside the norm – meaning customers can be precisely alerted to risks and, in doing so, avoid wasting time chasing false positives.

Fortinet and Nozomi Networks are designing and implementing holistic cybersecurity processes that protect companies’ IT, OT and IoT in an increasingly converged world. At Cerrus, with our certified security experts who recognize the challenges of meeting different priorities in different areas of organizations, we communicate with our customers in detail and take the time to understand all their processes, goals and budget at the deepest level. We then create a customized cybersecurity plan that protects their data and infrastructure from attack, equips them to respond to attacks, and enables them to minimize disruption to their processes in the event of an attack.

Not investing in cybersecurity is no longer an option. Across IT, OT and staff, you are on a truly important journey to protect millions of dollars of value by elevating your organization.