by Patricia Frost
Contributing Editor

We all have blind spots…

I recently had the opportunity to spend an evening talking to a reporter about the cybersecurity vulnerabilities in operational technologies found in heavy industries. We started our discussion with the general questions about “how safe are we” which quickly moved into the quality discussion that everyone should be having on “how prepared are we”. We had a lively talk about “when” not “if” a breach happens and how quickly a heavy industrial company can respond and continue to function.  Operational impacts for a specific period of time on industrial control systems (ICS) can be catastrophic and, for some, existential to the business. So, what is our blind spot as we look at the operational landscape of our heavy industrial sector which is critical to everyday life needs – water, power, transportation….?

The operational technology (OT) attack surface is predominately open, unsecure and legacy – meaning the majority of the equipment is not reconfigurable or easily upgraded without breaking its operational use.  Industrial control systems (ICS) were considered safe over the last several decades because they truly were isolated, air-gapped networks. With the development of the Industrial Internet of Things (IIoT) and the convergence of Operational Technology (OT) and Information Technology (IT) networks, the perfect environment now exists for cyber criminals, hacktavists and nation-state cyber actors to attack attractive and high-payoff targets. 

With this increasing awareness of the IIoT, software companies are rapidly developing and offering solutions specifically designed for OT networks.  Unfortunately, the majority of the solutions are based on securing the IP-based network (Data packets), starting from the Program Logic Controllers (PLCs), Level 1 of the Purdue Model, and moving up the network to supervisory controls, operations management to business management – an area in which cybersecurity specialists have depth of knowledge and a proven track record of security. This is critical but something is missing!  We are blind and ignoring the critical asset itself (Level 0) and how to know with certainty that it is operating normally. ICS assets transmit raw, unhackable electrical signals from sensor/actuator to the PLC.  This is the level that requires transparency and visibility into the real-time status of the critical end-devices of the OT network. However, very few solutions exist that can provide smart notifications to operators on whether or not critical assets are operating above or below normal operating procedures. 

The most reliable source of information rests in the Level 0, industrial control asset itself. This is the blind spot that needs to be understood and solved because too many cybersecurity solutions are solely focused on monitoring the data packets network which can be hacked. 

We need anomaly detection of the OT assets in real time if we are going to take control away from those who want to harm the critical infrastructure of our country.  Nested cybersecurity solutions are needed from Level 0-5, but the endpoint needs greater attention.  During my recent trip to Israel, I was impressed with the innovation and cybersecurity solution being provided in this area by SIGA OT Solutions (www.sigasec.com). It is a young and unique cybersecurity company that is worth engaging as they are addressing this critical gap. 

Leave a Reply

Your email address will not be published. Required fields are marked *