There is a general perception that operations that tolerate little or no physical downtime, such as critical infrastructure, industrial sectors, and hyperconnected facilities, are lucrative targets for cyberattacks. A decade ago, intrusion and anomaly detection tools for operational technology (OT) and industrial control systems (ICS) were in their infancy. Today the market is expanding and maturing in new ways.
Historically, “proof of concept” meant ensuring that software deployed in industrial and process-control environments would not destroy the systems or networks it was intended to protect. Today, proofs of concept often demonstrate a deeper and more complete understanding of the integration of OT/ICS systems with IT and IoT, effective partnerships and go-to-market strategies, and horizontal applicability across many sectors. Although IT and OT are substantially different disciplines with different priorities, several cybersecurity companies that have traditionally served IT have already entered the OT cybersecurity market. Market leaders will find themselves at a more crowded table in 2023, as market analyses predict a major boom. Asset discovery, digital transformation, operational reliability, interoperability, governance, and standards continue to drive demand.
If there is a theme that has emerged in 2022 and beyond, it is that trust and verification in OT cybersecurity are not mutually exclusive.
In 2022, INCONTROLLER demonstrated the potential severity of cyberattacks targeting industrial operations. Fortunately, the attacks were discovered before they were operationalized, demonstrating the potential return on investment of cybersecurity solutions specifically tailored for industrial operations. The incident, the fourth known attack featuring malware built to target industrial control systems, required a highly sensitive response that depended on trust and verification between ICS vendors and security research teams.
In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) publishes sector-specific guidelines while building trust with industry and taking ownership of actions such as the rulemaking process for the new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which strengthens the input of owners and operators. The European Union is pursuing two new mandates that provide “a modern and comprehensive legal framework to strengthen both the physical and cyber resilience of critical infrastructure”.
Israel, Germany, Singapore, Australia, and many other countries around the world continue to step up their cybersecurity efforts with increased trust and verification in mind. Moreover, Russia’s invasion of Ukraine has placed a new emphasis on trust in cyber operations, with official ministry operations crowdsourcing a volunteer “cyber army” to support the conflict.
From strategy to application, Zero Trust has taken on a life of its own, with a myriad of definitions and implementation mechanisms. Recognizing that perimeter security alone is inadequate against today’s threat landscape, Zero Trust principles adopt an assumed-breach mindset and are designed to reduce “dwell time” and the severity of potential impact.
Some might say that Zero Trust is simply a repackaging of best practices such as network segmentation and the principle of least privilege, but applying Zero Trust properly depends on understanding how the technologies interact, what they require of each other, and how to minimize redundant access to information, commands, and control of systems.
According to the Council of Insurance Agents and Brokers (CIAB), cyber insurance premiums rose again in 2022, growing by an average of 28% in the first half alone. In a 2022 lawsuit, a cyber policy was voided because the insured had failed to verify, in its application for coverage, that multi-factor authentication (MFA) was actually in place when the company was hit by ransomware.
In 2022, NIST rolled out an update to its cybersecurity supply chain risk management guidance, specifically highlighting trust as a driver. Finally, in 2022 the industrial cybersecurity community placed renewed emphasis on continuous monitoring of OT and ICS. Continuous monitoring, defined by NIST as “information systems and assets monitored to identify cybersecurity events and verify the effectiveness of protective measures,” is a top priority for detecting and preventing cyber incidents.
What is the outlook for 2023?
From the SBOM (Software Bill of Materials) hoopla to the next unprecedented global issue, forecasting is hard to master. OT and ICS projections are even more difficult given that data is often private, distributed, or behind a paywall. 2023 promises to be a pivotal year in which investment in cybersecurity needs to increase, at a time when a possible economic downturn could exacerbate the impact of ransomware and of unplanned downtime or lost production.
Governance sets new priorities.
Previous government standards and frameworks have taken an accordion approach, expanding to address commonalities across critical infrastructure sectors and compressing to address the security concerns most important to specific sectors. New direction and enhanced industry engagement will bring greater situational awareness, trust, and resolve across the critical infrastructure security community. The U.S. government has rolled out federal Binding Operational Directives focused on asset discovery and vulnerability enumeration, providing implementation assistance and a unique set of tools to “put its money where its mouth is.”
In addition to CIRCIA legislation, 2023 will also bring the fruits of two recently debuted CISA programs. The CyberSentry program monitors critical infrastructure networks for known threats and indicators of compromise. The newly released RedEye tool was developed to “parse logs from attack frameworks (such as Cobalt Strike)” to present complex data in a more digestible format. Both broaden the scope for understanding OT and ICS incidents and further build mechanisms to strengthen trust and verification.
Information sharing becomes more meaningful.
Despite reluctance to aggregate information, meaningful information sharing requires vendor-agnostic mechanisms for sharing early-warning data in real time. When it comes to the threat landscape, there is no standard way to correlate the threat and vulnerability research produced by competing market leaders. Information sharing lacks trust and verification and is siloed into sector-specific, private-sector, or agency-specific mechanisms, each creating its own single source of information without much consensus.
Regardless of their commonalities, no two attacks against OT/ICS systems are exactly the same, making automated response and remediation difficult. Unfortunately, this reality means that operations and facilities must wait for another organization to suffer an attack before signatures, detections, and fully built intelligence are shared for threat hunting; only then can they begin to move to a more proactive posture.
Innovative analytics make your solutions stand out.
Innovations in the ability to provide situational awareness with trust and validation lead the future of OT cybersecurity. Many organizations enable tools that collect and store data, but do not analyze the data to enhance their mission. Merely holding and storing sets of data is not particularly helpful in mitigating risk. Solutions built for OT and ICS continue to fix security gaps and improve security controls.
Behavioral analysis and anomaly detection of network operations can enhance threat intelligence and overall security posture. Anomaly detection can alert on both deviations from normal communication patterns and variables in the process, such as sensor readings and flow parameters. This process data can be correlated with communication data to provide actionable intelligence, inform security procedures and reduce overall risk.
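To make the correlation described above concrete, here is an added example that is not part of the original post or of Nozomi Networks’ products. It learns a baseline from a constructed learning window of network conversations and process samples, alerts on a conversation never seen during learning and on a process variable that drifts beyond a z-score threshold, and then pairs process alerts with network alerts that fired shortly before them. All addresses, tag names and values are constructed for the demo.

```python
"""Toy OT anomaly detector: network-flow allowlisting + process-variable z-scores, correlated."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class FlowEvent:
    t: int        # seconds since start of capture
    src: str
    dst: str
    proto: str


@dataclass(frozen=True)
class ProcessSample:
    t: int
    tag: str      # process variable name, e.g. a tank level
    value: float


@dataclass(frozen=True)
class Alert:
    t: int
    source: str   # "network" or "process"
    detail: str


def learn_flow_baseline(events):
    """Allowlist of (src, dst, proto) triples observed during the learning window."""
    return {(e.src, e.dst, e.proto) for e in events}


def detect_flow_anomalies(events, baseline):
    """Alert on any conversation that was not seen while learning."""
    return [Alert(e.t, "network", f"new conversation {e.src}->{e.dst} {e.proto}")
            for e in events if (e.src, e.dst, e.proto) not in baseline]


def learn_process_baseline(samples):
    """Per-tag (mean, population std dev) from the learning window."""
    by_tag = {}
    for s in samples:
        by_tag.setdefault(s.tag, []).append(s.value)
    return {tag: (mean(v), pstdev(v)) for tag, v in by_tag.items()}


def detect_process_anomalies(samples, baseline, z_threshold=3.0):
    """Alert when a sample deviates from its tag's baseline by more than z_threshold sigmas."""
    alerts = []
    for s in samples:
        if s.tag not in baseline:
            alerts.append(Alert(s.t, "process", f"unknown tag {s.tag}"))
            continue
        mu, sigma = baseline[s.tag]
        if sigma == 0:
            anomalous = s.value != mu    # constant baseline: any change is a deviation
        else:
            anomalous = abs(s.value - mu) / sigma > z_threshold
        if anomalous:
            alerts.append(Alert(s.t, "process",
                                f"{s.tag}={s.value} outside baseline {mu:.1f}±{sigma:.2f}"))
    return alerts


def correlate(alerts, window=5):
    """Pair each process alert with network alerts that fired up to `window` seconds before it."""
    network = [a for a in alerts if a.source == "network"]
    incidents = []
    for p in (a for a in alerts if a.source == "process"):
        related = [n for n in network if 0 <= p.t - n.t <= window]
        if related:
            incidents.append((p, related))
    return incidents


def run_demo():
    """Constructed data: an HMI polling a PLC, then an unknown host talking to the PLC
    two seconds before the tank level jumps. Returns (flow_alerts, process_alerts, incidents)."""
    hmi, plc, unknown = "10.0.1.10", "10.0.2.20", "10.0.9.99"
    learn_flows = [FlowEvent(t, hmi, plc, "modbus") for t in range(10)]
    learn_proc = [ProcessSample(t, "tank_level", v) for t, v in enumerate(
        [50.0, 50.2, 49.8, 50.1, 49.9, 50.0, 50.3, 49.7, 50.1, 49.9])]

    live_flows = [FlowEvent(t, hmi, plc, "modbus") for t in range(10, 20)]
    live_flows.append(FlowEvent(14, unknown, plc, "modbus"))   # never seen while learning
    live_proc = [ProcessSample(t, "tank_level", v) for t, v in zip(range(10, 20),
        [50.1, 49.9, 50.0, 50.2, 49.8, 50.0, 95.0, 96.0, 50.1, 49.9])]

    flow_alerts = detect_flow_anomalies(live_flows, learn_flow_baseline(learn_flows))
    proc_alerts = detect_process_anomalies(live_proc, learn_process_baseline(learn_proc))
    return flow_alerts, proc_alerts, correlate(flow_alerts + proc_alerts)


if __name__ == "__main__":
    for alert_list in run_demo()[:2]:
        for a in alert_list:
            print(a)
```

The two detectors are deliberately simple (an allowlist and a z-score) because the point is the correlation step: a new Modbus conversation on its own is a low-priority finding, and a level excursion on its own could be a process upset, but the pair, ordered in time, is the actionable intelligence the paragraph describes.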
A SANS report sponsored by Nozomi Networks on the state of ICS/OT cybersecurity in 2022 and beyond states, “Critical infrastructure network adversaries exhibit knowledge of control system components, industrial protocols, and engineering operations.” Other reports of OT/ICS incidents cite adversary “unfamiliarity with the OT domain.” 2023 could be the year that attackers show an increased ability to monitor and modify OT and ICS systems in critical sectors.
Governments, public-private partnerships, insurers, and international agencies around the world have emphasized the importance of protecting critical infrastructure and building resilience across industrial sectors and hyperconnected facilities. Across markets, from competitive intelligence to innovation to live “bake-offs,” trust and verification are more important than ever for OT cybersecurity today. In 2023, all OT cybersecurity stakeholders concerned with physical safety, environmental impact, the provision of goods, services and resources, and micro- and macroeconomics will need to “show the receipts.”
State of ICS/OT Cybersecurity in 2022 and Beyond
Read the survey to learn about the evolving threat landscape and its impact on ICS, how your defense posture is maturing, and your cybersecurity project priorities for the next 18 months.
The post “OT Cybersecurity in 2023: Time to Show the Receipts” first appeared on Nozomi Networks.
This is a Security Bloggers Network syndicated blog from Nozomi Networks, written by Danielle Jablanski. Read the original post: https://www.nozominetworks.com/blog/ot-cybersecurity-in-2023-time-to-show-the-receipts/