
OT Cybersecurity Solutions: Takeaways from Expert Roundtable

March 1, 2024

During a powerhouse round table discussion with leaders in OT cybersecurity solutions, key topics regarding the securing of Operational Technology were debated.  

The experts participating in the round table discussion, led by Scott Crawford, Head of Information Security Research at S&P Global Market Intelligence, included:

Bill Jones, Director of Cybersecurity Architecture & Engineering at Trane Technologies  

Steve Ocepek, Global Threat Competency Leader at DeepSeas 

Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks 

Pia Capra, OT Cybersecurity Practice Lead at Booz Allen Hamilton

 

Crawford kicked off the discussion by sharing with the audience that Operational Technology (OT) continues to be a primary target for threat actors with 75% of organizations with OT reporting at least one intrusion in 2022. With such an onslaught of threats, cybersecurity professionals face multiple challenges in securing their often extensive and complex OT environments. Such challenges include the explosive growth in connected OT devices, moving OT cyber defense under a CISO or similar security leader, and the plethora of legacy technology most often found in Operational Technology environments.  

During the roundtable, the OT cybersecurity leaders discussed these problems as well as DeepSeas MDR+ being a proven solution for securing operational technology. Below is a summary of key topics covered in the discussion.   

The Unique Cybersecurity Implications of Operational Technology 

The differences in securing Operational Technology (OT) and traditional Information Technology (IT) are rather significant. In understanding those differences and challenges, you first must consider the degree of impact that a cybersecurity threat would have on your organization.  With a cyber threat in IT, you are dealing with data, computers, tablets, phones, printers, servers, etc. The impact can be significant, certainly, if these assets or a group of these assets are taken down or negatively impacted by a threat.   

However, with Operational Technology you are often dealing with thousands and sometimes tens of thousands of different devices – from the smallest actuators to thermometers to programmable logic controllers (PLCs) to supervisory control and data acquisition (SCADA) systems. These devices are often driving multi-million-dollar processes. The difference in immediate impact between servers and workstations being offline and an entire production line being down can be measured in millions of dollars in short order.

Another unique implication of OT is that organizations are often dealing with legacy technologies. It is extremely common to find Operational Technology in a business or organization that has been in use for decades. Some of this legacy OT pre-dates the Internet and is now being connected to it.

Consider also that operational managers in the OT environment are not typically aware of the threats that come with Internet connectivity. At the same time, IT security analysts often do not understand the nuances of the threat scenarios that can occur in an OT environment.

 

Significant Cyber Attacks Involving OT 

In the roundtable discussion, the leaders referred to examples of significant cyber attacks over the past few years that resulted from challenges in securing Operational Technology, including the following.

  • Florida Water Treatment Facility
    An attempt was made to poison the water supply for Oldsmar, Florida, threatening the lives of thousands by increasing the levels of sodium hydroxide (commonly known as lye).

  • Colonial Pipeline
    A ransomware assault on Colonial Pipeline reverberated globally, showcasing images of winding queues at gas stations along the eastern seaboard. Panicked Americans were seen hastily filling bags with fuel, driven by the fear of potential work disruptions or challenges in transporting their children to school. This marked a pivotal moment, crystallizing the vulnerability inherent in our intricately connected society and transforming it into a nationwide concern that found its way into everyday kitchen table conversations.

  • Tower Semiconductors
    During a security incident, Tower Semiconductors, which produces critical integrated circuits, had to completely shut down operations in several of its manufacturing facilities.

  • Dr Reddy’s Laboratories
    During the pandemic in October 2020, Dr Reddy’s Laboratories, a major Indian drugmaker, faced a significant cyber attack. This led to the closure of production facilities, isolation of data centers, and shutdowns in the US, UK, Brazil, India, and Russia. The targeted servers contained vital clinical trial data for Russia’s Sputnik V vaccine, adding complexity to an already critical situation.

While some of these attacks were instigated by nation state threat actors, a recent study by S&P Global Market Intelligence in OT security found that less than 30% of organizations and businesses in North America utilizing Operational Technology are concerned about cyber threats from nation state actors.  The study revealed that most are worried about criminal hacking groups intent on installing ransomware in an organization. 

How to Assess Operational Technology Cybersecurity Needs and Solutions 

First, it is important to understand that cybersecurity is categorical by nature. It is not mathematical.   Coding and other technical solutions are mathematical, based on well-defined inputs and success criteria. Cybersecurity, however, is situational, and each set of inputs is different.  Consequently, when assessing OT cybersecurity, context is essential. 

Thus, it is critical to carefully evaluate the impact a cyber threat or potential threat has on your organization, technology, and processes. The examples cited earlier in this post paint that picture: by identifying the effect of a threat, we can then work backwards to clearly identify the required solutions.

Another distinction when assessing OT security is the concept of process values, which requires considering communications data. What is operating on the network? How do the nodes on the network communicate? With these answers we can evaluate the output of key processes. Taking a step back, consider: do specific sensor readings and outputs align with their intended function, or is there some type of change in the frequency of this process that is worth investigating?
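As an added illustration of the process-value checks described above (not code from the roundtable or from any vendor mentioned), the following baseline check flags readings that fall outside a node's expected range and reporting intervals that drift far from the node's normal cadence. The node names, ranges, intervals and readings are all constructed for this example.

```python
# Added example: a minimal process-value baseline check of the kind the
# "process values" discussion describes. Node names, ranges and readings
# below are constructed for illustration, not taken from a real plant.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Baseline:
    low: float          # lowest value the process should ever report
    high: float         # highest value the process should ever report
    interval_s: float   # expected seconds between reports from this node

# Constructed baselines for two hypothetical nodes on a plant network.
BASELINES: Dict[str, Baseline] = {
    "plc01/naoh_ppm": Baseline(low=50.0, high=200.0, interval_s=10.0),
    "plc02/tank_temp_c": Baseline(low=20.0, high=60.0, interval_s=30.0),
}

def check_values(readings: List[Tuple[float, str, float]]) -> List[str]:
    """readings: (epoch_seconds, node, value). Returns one alert string per
    value outside its baseline range, per report gap far from the expected
    cadence (a change in frequency worth investigating), and per unknown node."""
    alerts: List[str] = []
    last_seen: Dict[str, float] = {}
    for ts, node, value in sorted(readings):
        base = BASELINES.get(node)
        if base is None:
            alerts.append(f"{node}: unknown node reporting at t={ts:.0f}")
            continue
        if not base.low <= value <= base.high:
            alerts.append(f"{node}: value {value} outside [{base.low}, {base.high}] at t={ts:.0f}")
        if node in last_seen:
            gap = ts - last_seen[node]
            # Reports arriving much faster or slower than the baseline cadence.
            if gap < base.interval_s / 4 or gap > base.interval_s * 4:
                alerts.append(f"{node}: report gap {gap:.0f}s vs expected {base.interval_s:.0f}s at t={ts:.0f}")
        last_seen[node] = ts
    return alerts

# Constructed sample: steady readings, then an out-of-range value arriving
# off-cadence on plc01, and a node no baseline has been defined for.
SAMPLE = [
    (0, "plc01/naoh_ppm", 110.0), (10, "plc01/naoh_ppm", 112.0),
    (20, "plc01/naoh_ppm", 111.0), (21, "plc01/naoh_ppm", 11100.0),
    (30, "plc02/tank_temp_c", 41.0), (60, "plc02/tank_temp_c", 42.5),
    (90, "plc03/unknown", 1.0),
]
```

Running `check_values(SAMPLE)` yields three alerts: the out-of-range value, the off-cadence report that carried it, and the unknown node.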

 

Using DeepSeas MDR+ as a Holistic OT Cybersecurity Solution  

Over the years there has been a significant investment into IT security education but much less so in topics related to securing Operational Technology. This makes the transition into OT security even more challenging. 

Often when organizations determine there is a need to make that fundamental transformation from strictly focusing on IT cybersecurity to taking a holistic approach that involves the security of their entire organization, including the daunting Operational Technology environment, they often start with implementing an OT technology solution such as that provided by Nozomi.   

This technology does a tremendous job at identifying the security risks in an OT environment. However, the true value of implementing such technology must involve a security professional who can identify true-positive threats quickly and easily 24×7.  DeepSeas MDR+ ensures security team members won’t get lost in a flood of data.  DeepSeas MDR+ ensures that high-fidelity threats against your most critical assets are identified, contained, and remediated.   

When leveraging DeepSeas MDR+, cyber defense experts will guide an organization in identifying its “crown jewels” and their nuances. For example, in the world of healthcare, the differences between Operational Technology such as a patient monitor and that of a magnetic resonance imaging (MRI) machine or an arterial blood gas analysis (ABGA) machine are critical. A compromised MRI or ABGA benchtop analyzer could very well have life-threatening implications. High-fidelity threat data regarding those devices has greater significance than data about OT that doesn’t directly impact a patient. As a result, DeepSeas MDR+ builds a process around the deluge of security data, enabling effective monitoring and alerting around the most critical OT assets.

Summary: Cybersecurity Solutions for OT 

The pressing challenges faced when securing Operational Technology against cyber threats call for attention to the increasing number of threats and the implications unique to OT environments. With 75% of organizations with OT reporting intrusions in 2022, the need for robust cybersecurity solutions is evident. DeepSeas MDR+ emerges as a transformative answer to these challenges, addressing issues like the proliferation of connected devices, alignment under security roles, and legacy technology concerns.

DeepSeas MDR+ is a comprehensive solution that enables effective monitoring, alerting, and mitigation of high-fidelity threats against critical OT assets. As organizations navigate the complex landscape of OT security, DeepSeas stands as a vital partner in securing the intricate and essential components of operational processes while leading organization-wide cyber transformation.  

 

Key Take-Aways: Cybersecurity Solutions for OT  

  • OT Cybersecurity Challenges: Operational Technology (OT) faces a high risk of cyber threats, with 75% of organizations reporting intrusions in 2022. 
  • MDR for OT: DeepSeas MDR+ provides a transformative solution for the unique challenges of securing complex OT environments. 
  • Differences in IT and OT Security: The impact of cyber threats in OT environments is significant due to the vast number of devices involved, often driving multi-million-dollar processes. 
  • Legacy Technology Concerns: OT environments commonly operate using legacy technologies, some even predating the Internet, presenting additional challenges for cybersecurity. 
  • Lack of Understanding in OT Environment: Operational managers in OT often lack understanding of threats from Internet connectivity, while IT threat analysts may underestimate the magnitude of threats in OT. 
  • Significant Cyber Attacks on OT: Examples include attacks on Florida Water Treatment, Colonial Pipeline, Tower Semiconductors, and Dr Reddy’s Laboratories, showcasing the severity and diversity of threats. 
  • Concerns About Criminal Hacking Groups: Despite nation-state threats, a study finds that less than 30% of OT organizations are concerned about cyber threats from nation-state actors; most worry about criminal hacking groups. 
  • Categorical Nature of Cybersecurity: Cybersecurity is categorical, not mathematical. When assessing OT cybersecurity, understanding and assessing the impact of threats on business and technology is crucial. 
  • Process Values in OT Security: Evaluating communications data and assessing the output of processes is essential in OT security to identify anomalies and potential threats. 
  • DeepSeas MDR+ Implementation in OT Environment: DeepSeas MDR+ addresses the challenge of transitioning from a strictly IT security posture to one that holistically embraces all attack surfaces, including critical OT by effectively identifying, containing, and remediating high-fidelity threats against critical assets in the OT environment. 
 
Writing/Editing Credit: Troy Perry & Emily Hurless