While most employees found themselves working from home during the pandemic, there were still many who could not work remotely simply because their job did not allow them to. Apart from the front liners, healthcare workers and those in F&B, employees in the manufacturing industry also had to work in their factories.
The problem was that most manufacturing plants still did not have enough modern machinery to run on their own with minimal human intervention. To sort this problem out, more companies are utilising Operational Technology (OT). OT includes the hardware and software for control systems in industrial environments, such as manufacturing plants, power generators and distribution networks. While OT systems worked in isolation from other systems in the past, that is no longer the case today.
According to Galina Antova, the Co-Founder and Chief Business Development Officer of Claroty, IT and OT networks have become more interconnected due to digital transformation, and the COVID-19-induced shift to remote work has accelerated their convergence even more.
“Based on our recent survey of IT and OT security professionals supporting critical infrastructure in large enterprises, 71% of respondents in Singapore and 67% globally say their IT and OT networks have become more interconnected since the pandemic began”, said Galina.
As with any technology, the more it is used, the higher the chances of cybercriminals causing problems for the companies that rely on it. The Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020 showed that more than 70% of the Industrial Control System (ICS) vulnerabilities published by the US National Vulnerability Database (NVD) can be exploited remotely, which means that a hacker could wreak havoc on a factory floor or water plant without physically being there.
Galina explained, “Complicating matters is that OT security is a relatively much newer field compared to IT security and is therefore much less understood. One common misconception is that the methodologies and technologies that have been developed over the decades to protect IT, also apply to OT. However, OT and IT networks have different priorities and therefore require different approaches. Security systems are typically built on the three principles of the “CIA Triad” – Confidentiality, Integrity and Availability”.
For OT systems, Galina said availability, or uptime, is more important than confidentiality and data security, as downtime in critical infrastructure can be catastrophic and even lead to loss of human life. As a result, it is not feasible to shut down many OT systems for maintenance, even temporarily. In stark contrast, with IT systems, data confidentiality and security maintain equal footing with uptime, and IT teams must regularly account for planned downtime for maintenance such as security updates.
Galina added that unlike the standardised protocols used by IT networks, OT networks usually use proprietary protocols, which are largely unrecognisable by IT security tools and therefore completely incompatible with them. With its unique characteristics and requirements, there is no doubt that OT security is different from IT security, but it is no less important.
Why Securing Operational Technology Matters
While the convergence of IT and OT has made the adoption of tech easier, it has also created a vulnerability, as OT systems are now open to IT-based security threats that they were never designed to withstand. In the Asia Pacific region, 25% of organisations have already experienced an OT attack, according to a Cisco study. Furthermore, according to Claroty’s Biannual ICS Risk & Vulnerability Report, more than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely.
As the COVID-19 pandemic created a rapid global shift to remote work, it also marked a rise in cyber attacks on OT environments. 71% of global respondents in a Claroty survey said that they saw new attack tactics since the start of the pandemic lockdowns in March 2020, the most common being hacking and credential theft, ransomware and web application threats.
“Whereas IT attacks can be costly, attacks on OT systems can mean tangible harm, as they deal with large-scale physical processes. Manufacturing in particular ranks among the top five most vulnerable sectors to cyber attacks, according to global respondents in our recent survey. Just think about the heavy machinery in an automobile plant or the precise controls in a chemicals factory and imagine if the controls of their industrial systems fell into the wrong hands”, commented Galina.
She added that as most organisations have already invested well in protecting their IT systems, cybercriminals view OT systems as an easy point of access. Leaders need to be proactive in securing their OT, in a way that’s effective and integrated into their existing processes. Companies revolve around data, whether that's client information, financial figures, marketing analysis or anything in between. If any of this data is compromised, it can only spell disaster.
Galina felt a key challenge is to get the buy-in from the CXO level to prioritise OT security at the same level as their IT security. They need to understand the unique characteristics and security needs of OT and provide proper security controls.
Interestingly, Claroty has seen a sharp rise in demand for its OT security solutions during this time, particularly in the Asia Pacific and Japan region. From the first half of 2019 to the first half of 2020, its annual recurring revenue grew by eight times while its total contract value grew three times, just in this region alone.
She commented, “A contributing factor we see is the growing awareness of OT security, especially now that so many organisations have had to rely on remote access to keep their critical operations running while practising social distancing. Claroty’s Secure Remote Access (SRA) solution has particularly seen a surge in demand. SRA provides a single, secure and clientless interface through which all external users can connect to perform software upgrades, periodic maintenance and other support activities on assets within OT networks, minimising risk from remote users and third-party vendors. Recent enhancements to The Claroty Platform (including SRA) enable cybersecurity teams to detect, investigate and respond to security incidents on OT networks across the broadest attack-surface area from any location”.
At the same time, she explained that customers see value in Claroty’s solutions not only because they can be rapidly deployed but also because they seamlessly integrate with existing IT security tools. In other words, Claroty can help protect their OT without entailing a steep learning curve.
Bridging the Cybersecurity Gap Between IT and OT
As IoT has penetrated the industrial ecosystem across all sectors, the demand for real-time analytics to ensure uptime and enable better decision-making has ushered in a whole new reality for manufacturing companies and critical infrastructure operators. IT, OT and IoT devices are converging to form a highly interoperable ecosystem in which the shop floor is connected to the back office, which is in turn connected to the cloud.
Galina pointed out that this integration is not seamless. One of the biggest gaps is that OT has different performance and reliability requirements compared to IT, and OT environments also use operating systems and applications that may be considered unconventional in a typical IT network environment.
She explained that traditionally, an air gap approach has been used to secure OT environments, completely isolating the two domains. This air gap technique is still used in certain environments that need the highest degree of security, such as in the military, intelligence organisations and the energy sector. But this approach runs counter to the convergence of IT and OT, where IT systems increasingly “consume” data from OT systems and where OT system vendors need to remotely monitor their equipment.
“The Claroty Platform bridges the cybersecurity gap between IT and OT environments by seamlessly integrating with existing security infrastructure and providing the industry’s most extensive range of OT security controls across four areas: visibility, threat detection, vulnerability management and triage & mitigation – all within a single, agentless solution”, explained Galina.
Armed with Claroty’s converged IT/OT solutions, Galina firmly believes that manufacturers can leverage their existing IT security processes and technologies to improve the availability, safety and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.