OT Cyber Attacks Proliferating Despite Growing Cybersecurity Spend

Cyber Security Threat Summary:
The significant rise in attacks on operational technology (OT) systems is primarily due to two key factors: increasing global threats from nation-state actors and the involvement of profit-driven cybercriminals, often backed by those same states. The lack of success in defending against these attacks can be attributed to several factors, including the complexity of OT environments, the convergence of information technology and OT, insider attacks, supply chain vulnerabilities, and more. Despite heightened security awareness efforts and spending by manufacturers and critical infrastructure organizations, a common mistake that aids cybercriminals is focusing on visibility and detection without prioritizing prevention.

To exercise better control, many CISOs and executives request visibility into cyber events. However, achieving this visibility often involves connecting OT to IT or transmitting status offline, which can introduce new vulnerabilities and complexity. The severe implications of OT attacks, such as the 2023 California water treatment system breach, continue to worry CISOs. In addition to external and insider threats, they must also contend with everyday human errors.

With the convergence of IT, OT, IoT, and IIoT, cyber physical systems emerged, creating a vast attack surface and new vulnerabilities, giving attackers the opportunity to profit through ransomware and create extensive damage to critical infrastructure.

Security Officer Comments:
Previously, many businesses believed that isolating production assets from the internet provided sufficient protection. However, as cyberattacks grow in frequency and scope, it's clear that air gapping isn't as secure as once thought, and it can limit the usefulness of machines and devices. Using generic cybersecurity products is not the right solution for protecting cyber-physical systems, as those products were designed for IT and cannot safeguard physical assets or production continuity. Network-based anomaly detection, while valuable, doesn't cover all attack vectors, including those from insiders or supply chain vulnerabilities. It can only provide warnings after a network breach; it cannot prevent attacks that use stolen credentials or malicious actions by employees on operational devices.

Suggested Correction(s):
Today's complex CPS features a mix of legacy and innovative systems, often including retrofitted equipment connected to IT systems, resulting in diverse production environments. To ensure cyber resilience in this intricate landscape, a zero-trust mechanism should be employed, prioritizing OT device protection to prevent cyber threats, support uninterrupted CPS processes, and maintain ultra-low latency while upholding machine uptime. This approach eliminates the reliance on shared passwords without impeding engineering or operational processes, safeguarding CPS fleets even during IT/network attacks. Device OEMs should integrate robust cybersecurity measures from the outset to ensure effectiveness throughout their products' lifecycle. Ideally, organizations should seek industry-specific solutions from vendors that understand their unique needs and assist with compliance with emerging regulations, such as NIS2 and the Cyber Resilience Act in the European Union, NIST SP 800-82r3 in the United States, and CCoP 2.0 in Singapore.