As geo-political tensions rise, visibility and understanding of the operating environments is vitally important to protect, defend against and prevent overreaction. It's easy to hyper-fixate on news and make correlations. Attribution of the attack is not as important as deep understanding of the events and proper delivery of OT cyber-data to the enterprise security-operations groups for analysis.
Now is the time for all those in the industrial space to assess the breadth and depth of their OT visibility if they haven't already, and to use current elevated concerns to plan better OT visibility for the future.
Improved OT visibility will reveal all of the business interconnections common to manufacturing, oil and gas, and energy environments. For quite some time now modern systems have been converged with business analysis and operations sharing data and dependencies. Many use cases exist where enterprise systems are targeted and successfully attacked that cause operation outages via this dependency.
Think of a chemical manufacturing plant that has raw materials entering the process, process control, packaging, shipping and storage. This is all critical to the successful operation of the business, but it’s not unusual to be hyper-focused on the process itself and disrupt any one of these subsystems that are considered enterprise/IT (think shipping or storage and the entire line of business stops).
No real attack of the process controls is necessary.
Industrial-specific attacks can still be counted on one hand, but as the uptick in ransomware continues worldwide, it’s only logical that an increase of industrial “collateral damage” will result. The industrial process shouldn’t be a black hole of information when it comes to visibility, security, compliance and operational efficiency.
By shining a light on these areas, owners/operators, CISOs and CEOs can begin to better see, know, and defend their critical infrastructure.
Ron Fabela is CTO and co-founder of SynSaber