Hackers are increasingly targeting operational technology (OT). No wonder: The increasing digitization of industrial and also CRITIS companies means that the attack surface is growing – and security concepts often do not grow fast enough, especially with regard to OT.
What is Operational Technology (OT)?
The term Operational Technology (OT) stands for the use of hardware and software to control industrial plants. The interaction with physical devices or machines is the key difference here from information technology (IT), which deals with digital data systems. OT includes industrial control systems (ICS) such as programmable logic controllers (PLCs), distributed control systems (DCS), and supervisory control and data acquisition (SCADA) systems. Examples of OT are industrial control systems, building management systems, fire protection systems or physical access control mechanisms.
Why is OT increasingly becoming a target of cyberattacks?
The increasing networking of physical and digital systems in industry has greatly increased the attack surface for cyberattacks in the OT sector. Even a short interruption of operations can cause significant economic damage in an industrial company, while a cyberattack on critical infrastructure (CRITIS) such as power or water supply can have far more devastating consequences. No wonder, then, that both industrial and CRITIS companies are increasingly confronted with cyberattacks. The focus for hackers is not only monetary interests, but often also aspects of cyber warfare such as espionage and sabotage.
OT cybersecurity is therefore increasingly becoming an existential issue across industries. It is not only a matter of protecting assets, systems and processes from cyber attacks, but also of complying with legal regulations that the BSI has put in place for the IT security of CRITIS companies.
Wherever operational technology is mentioned, sooner or later the term IT/OT convergence also comes up. IT/OT convergence describes the increasing fusion of information technology (IT) and operational technology (OT). While the two areas were isolated from each other in the past, companies are increasingly combining IT tools for capturing and analyzing data (IT) with tools for process control (OT) in the course of their digitization. This development brings with it high requirements in terms of IT security, which many companies are not yet meeting.
The merging of OT and IT manifests itself in the Industrial Internet of Things (IIoT), which in turn forms the basis for the so-called Industry 4.0 – i.e., the use of digital automation technologies, with the help of which industrial processes gain greatly in efficiency on many levels. At the heart of the industrial revolution is a “smart” network of machines that are interconnected as IIoT.
A typical IoT system consists of end devices connected to an edge gateway, which in turn connects to cloud services. Typical devices in an industrial IoT include sensors that measure temperature, pressure, or chemical composition, for example. There are also a variety of actuators that convert digital commands into physical actions, such as controlling valves and motion mechanisms. Every IoT device is designed to communicate over standard networks to exchange OT data with IT resources such as servers and storage media – sometimes over long distances.
The IIoT forms the foundation for the vision of the smart factory, in which processes run largely without human intervention on the basis of AI and are optimized on the basis of data. This is the dawn of a new era for industrial companies. But the higher the level of digital networking, the larger the attack surface for hackers.
SCADA (Supervisory Control and Data Acquisition) systems are critical to efficient operations in industrial enterprises. They consist of software and hardware elements that can control and monitor industrial processes and IIoT devices on-site or at remote locations using real-time data. The impact of SCADA systems becoming the target of a cyberattack can be devastating. According to a Forrester study, 56 percent of companies using SCADA systems faced security incidents last year.
OT security: This is how dangerous a hacker attack on the OT is
The networking of industry brings numerous benefits. The price is a high risk of cyberattacks with potentially devastating consequences – for both industrial and CRITIS companies. Malware such as the Stuxnet computer worm, suspected to have been developed by intelligence agencies to sabotage Iran’s nuclear program, can completely destroy physical systems in the worst case scenario. “The attack on machines can not only trigger expensive technology standstills, but in extreme cases can also cost human lives,” says Fabio Hankamp, OT security expert at DGC.
Risk of sabotage at CRITIS companies
The OT of CRITIS companies, i.e., organizations with important functions for the state community, is also increasingly coming into the crosshairs of cybercriminals and hackers working on behalf of intelligence agencies as part of so-called cyber warfare. Rail traffic coming to a temporary standstill is still a relatively harmless example scenario when one considers that nuclear power plants, for example, are also part of the critical infrastructure. The legal regulations of the German Federal Office for Information Security (BSI) in CRITIS companies are correspondingly strict.
IT security often not at the required level
Studies such as the Global IoT/ICS Risk Report of 2020 make it clear that industrial networks often use outdated operating systems that no longer receive security updates. In addition, insecure passwords and lack of consistency in updating antivirus software also increase the risk. In general, the potential damage from a cyberattack for industrial and CRITIS companies is now so high that complex security concepts should be used in any case to minimize the risk of successful attacks on the OT.
These include comprehensive risk analyses for all OT systems and components, consistent compliance with legal security standards, security checkpoints at network boundaries, authentication and authorization mechanisms, awareness training for employees, and incident response plans to enable a rapid and effective response in the event of an attack. The necessary measures can be implemented either by internal IT experts or in cooperation with a specialized service provider such as the German Society for Cyber Security.
OT-Security with the DGC
As a leading 360° cybersecurity company, DGC is confronted daily with the challenges faced by industrial and CRITIS companies in the context of their digital transformation and increasing IT/OT convergence. Many organizations already benefit from the knowledge of our experienced IT security experts as well as from our comprehensive portfolio of powerful tools for the specific problems and security risks in the field of Industrie 4.0.
We will be happy to answer any questions you may have about the safety of your Operation Technology.
Please contact us now.