Bio: 25+ years of total experience in the IT industry including in the security & networking domain, spanning enterprise, banking & finance, commercial select & mid-market & ITES. Strong pre-sales & solution selling profile for more than 17 years.
Currently working as Lead Security Engineering for Commercial & Channels vertical for India & SAARC region. I’m also a part of Check Point India’s Check Mates community, contributing as Local Ambassador & also represent office of the CTO function at Check Point.
In this interview, Hitesh Pathak discusses OT/IT security and how critical national infrastructure organizations can better address threat prevention. Discover an in-depth, real-world analysis of the current landscape, see how to evolve your ecosystem, obtain actionable cyber security strategies, and explore distinctive future potentialities.
What have you seen in terms of a post-pandemic increase in cyber attacks on ICS/critical infrastructure?
Recently, there has been a significant rise in attack and breach attempts reported on ICS.
We have seen, post-pandemic, that there has been an accelerated effort to increase the connectivity of industrial control systems (ICS) and the convergence of OT and IT networks as part of digitization efforts, and that eventually expanded the attack surface of industrial manufacturing and critical infrastructure facilities. Attackers are gaining an advantage and using this opportunity to target CNIs (Critical National Infrastructures). Attacks like ransomware and phishing continue to be the preferred way of targeting customers when it comes to infiltration and data breach attempts.
At the macro-level, if we zoom out a bit, what are the real-world implications of failing to secure these systems?
In the absence of proper defense mechanisms to protect the ICS environment, the attackers can successfully bypass the basic security controls and reach the end users or servers to fetch confidential data.
For example, the OT systems and SCADA application servers often remain unpatched for years, which leaves the system vulnerable and an easy target for attackers. Some of the plant/manufacturing networks are not properly segmented, and are also susceptible to lateral movement in the event of a successful breach. The internet access to vendors and contractors is uncontrolled, which invites the data theft and leakage for data-at-rest.
What are the OT/IT infrastructure issues exacerbating the number of attacks?
- No proper segmentation
- Lack of awareness and flaw in the process of maintaining the OT environment
- No visibility of the assets at the plant level
- Unpatched systems and servers used in SCADA/OT environment
- Unmonitored remote access to vendors and contractors
- Default configuration
- Lack of data encryption
What kinds of conversations are happening around this at the board level?
Due to the recent increase in the number of attacks on ICS infrastructure, almost every organization is critically thinking about how to secure and strengthen its security posture around IT and OT networks. The CISO plays a pivotal role in defining policies around the risks and mitigation techniques. Also, while various tools are being evaluated, as an immediate step, organizations are starting with IT-OT integration, planning for budgeting asset management and visibility tools.
Where are manufacturing groups and related industries with their security now?
As we speak, the manufacturing and related industries are on the verge on a definitive plan to tighten the security around People, Process & Technology. Driven by the organization-wide digitization initiative, the plants and facilities are revamped to have automation and more sophisticated tools to combat growing cyber risks. Even the IoT, which has become an integral part of the infrastructure, is being held to higher security standards by having IoT security in place.
What should their approaches really look like?
The approach to security for ICS infrastructure should start with a Zero Tolerance Policy Framework. That includes, but is not limited to, understanding and identifying different types of SCADA protocols support, implementing threat prevention and signatures specific to the SCADA/OT environment to get maximum visibility, securing all the threat vectors – point of entry to IT/OT networks, looking for a solution that can bring more visibility and control of ICS traffic and communications, and implementing enforcement of stricter controls to contain the impact of breach.
Can you recommend actionable steps that relevant organizations can pursue immediately?
- Implement a defense-in-depth approach
- Deploy an OT asset visibility tool to gain maximum visibility of the assets on the shop floor so that you can identify the most vulnerable device that needs to be secured or patched
- Continuously monitor the environment by integrating WLAN, LAN and WAN networks to get baseline data to identify good v/s bad communication
- Implement enforcement solutions like NGFW to prevent malicious attempts and malware propagation
- Focus on IoT not just OT assets, since they are equally vulnerable
How can organizations further address concerns with cyber security solutions?
- Start with an assessment to identify the gaps in the current environment
- Carry out tools-based discovery of the current landscape to get a complete visibility of the devices ’till level 0
- Implement levels of security in accordance with the Purdue model
- Implement a Zero Trust framework
- Implement endpoint security to protect from advanced threats like ransomware, malwares…etc.
- Implement sensors and enforcers to control the in and out communication of the OT network
- Integrate IT wherever required for centralized monitoring of the OT environment
What are your predictions for the future?
Looking at the rate at which attacks are increasing and the way the level of sophistication and advancement in the attack techniques is accelerating, organizations have to implement a multi-layered threat prevention approach. Detection-based protection is not good enough. Organizations have to adopt Infinity-like architecture with a prevention first-approach so that the threats can be prevented first. Implement solutions like OT Asset Discovery and Visibility tools to continuously monitor the environment and contain the risk as quickly as possible. Include people and process as well to identify the gaps and to fix them with relevant solutions or SOPs.
Is there anything else that you would like to share with the CyberTalk.org audience?
Difficult times are ahead, but we have a hope in sight. Going further, the attacks’ complexity and volume will increase, but organizations can keep themselves protected by implementing the right solution.
Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.