How OT can arm themselves amid cyberthreats
Source: William Pao, a&s International
While Industry 4.0
has brought various benefits to manufacturers, it has also incurred new risks, particularly cyber threats
against operating technology (OT)
equipment and devices that are more and more online. Against this backdrop, equipping OT with the necessary knowledge and tools to combat attackers has become key.
Needless to say, the industrial internet of things (IIoT) trend has caught on among manufacturers across the globe due to its benefits. According to Grand View Research, the IIoT market is expected to reach US$949.42 billion by 2025, expanding at a combined annual growth rate of 29.4 percent between now and that year.
However new threats have also surfaced amid the popularity of IIoT. “Connectivity plays an important role in contributing to these new threats, as adversaries (whether they be a competitor, or even sponsored by a state) are taking advantage of this by finding weaknesses in the industrial sector’s cyber defenses,” said Luke Bencie, President and MD of Security Management International
, and his associate Sami Araboghli. “When compromised, these weaknesses could give an adversary carte blanche access to critical proprietary and confidential information, a threat that poses jeopardizing industrial security.”
According to Bencie and Araboghli, not a single piece of OT equipment exists that is not susceptible or vulnerable to an attack, and methods of attack vary greatly. “Adversaries are innovative in finding and exploiting weaknesses that exist in OT, even from devices and equipment not necessarily viewed as critical to operation. Anything from a simple control switch, to facility access may be compromised depending on the capabilities and training of an adversary,” both said.
And threats against OT apply to pretty much all industries in the manufacturing sector
, although the degree of vulnerability may differ from segment to segment, Bencie and Araboghli said. “All manufacturing segments vary in their susceptibility to attack, however some industries may be so more than others. Manufacturing segments that are particularly vulnerable include those that are vital to national security and the economy, as they possess the greatest number of adversaries, competitors, and stakeholders,” they said.
Stay ahead of adversary
Amid these threats against OT, simply understanding them is no longer sufficient for manufacturers. “The question shouldn’t necessarily be whether or not manufacturers understand OT threats, but whether or not they can stay one step ahead of an adversary. Manufacturers must understand the creative measures that adversaries are using to take advantage of advancements of OT. Its uses are endless, but so could be its vulnerabilities,” said Bencie and Araboghli. “In our current times, connectivity has allowed for increases in efficiency across the board. However, it shouldn’t be at a cost to security. OT must not put cyber security on the backburner, as it is an avenue of attack that is becoming more and more common.”
According to both, an effective tool that OT can refer to is the CARVER Target Analysis and Vulnerability Assessment Methodology. “The vulnerabilities that could exist in the industrial sector with respect to OT are endless. Adversaries today are becoming more and more talented in creating and exploiting those security vulnerabilities,” they said. “A reliable tool used throughout the security and intelligence communities, CARVER is indispensable as it utilizes both qualitative and quantitative data in determining what is most susceptible to an attack and helps in providing solutions to whatever security vulnerabilities arise. It is both an offensive and defensive tool – allowing it to be used to defend OT assets against potential adversarial attacks as well as identifying any possible vulnerabilities that may exist.”