The cyber threat situation is intensifying. With the increasing level of connectivity and software integration, Operational Technology (OT) is becoming more accessible to cyber criminals. Endian, a leading security manufacturer in the field of Industry 4.0, recommends ten measures to optimize the security level in OT.
“The challenges in OT security are quite different from those in a typical IT environment,” says Endian CEO Raphael Vallazza. “The lifecycles of industrial equipment are many times longer than those of IT equipment. As a result, machine parks within a company are often very heterogeneous, and that makes it difficult to have uniform updates of the operating system, firmware and antivirus software, which is so heavily dependent on being up to date.”
Another security risk is the networks that have grown over the years. Through the many points of interconnection, malware can quickly spread throughout the entire facility, for example in the case of ransomware attacks. To improve OT security companies should implement the following measures:
Visualizing networks makes their complexity manageable. A good overview of the different components, sensors and connections shows the communication within the company and beyond its borders. Deviations from the usual processes can be recognized more quickly. At the same time, the graphical representation of networks forms the basis for network segmentation.
Ransomware is currently the dominant crime phenomenon in the cyberspace. In this case, the perpetrators infiltrate a malicious software into the corporate network to encrypt data, in order to then demand a ransom. For maximum effect, the software is often designed to detect connections and spread unnoticed throughout the network. Segmenting the operational network is therefore a fundamental measure for improved OT security. IoT security gateways, which have multiple IT security functions and are connected in front of the segments, help to quickly divide the networks without having to adjust the network structure.
“The challenges in OT security are quite different from those in a typical IT environment”
Corporate borders are increasingly dissolving as digitization advances: Suppliers and business partners need access to certain company resources for optimal planning. At the same time, many employees have enjoyed working from home during the pandemic and want to continue with it in the future. It is therefore time to implement a concept that does not automatically trust any access, regardless of whether it is internal or external: In the zero-trust concept, it is not the location that is decisive, but identities, authorization and secure authentication of users and machines for each individual access.
Only employees with appropriate authorization are allowed to access machines and equipment. To set up and manage user accounts and credentials, administrators need a central tool that allows them to create, change or delete roles and authorizations in real time. The tool should also be able to implement general rules, such as preventing access from countries where there are neither business relationships nor subsidiaries.
Insecure passwords are also a major risk in the OT environment, which is why companies should use two-factor authentication. Here, users need another factor in addition to a password to log on to a machine or network. The so-called “property factor” is widely used, in which users are sent a one-time password to their smartphone
Since machines are also communicating among themselves more and more frequently, the same principle should apply here as for human-machine communication: every access requires a corresponding authorization. Certificates give each device a unique identity so that it can identify itself to machines, systems and people.
Edge computing shifts computing power to the edge of the network. This allows data to be analyzed right at the machine or plant, where it is collected, before the only results are transmitted to the central cloud. This not only saves bandwidth but also reduces the risk of data theft and manipulation.
When data is transmitted over the Internet, it is exposed to special risks. A virtual private network (VPN) creates an encryption tunnel during transmission and thus ensures that the data is unusable for anyone who tries to record or modify it.
Companies should be able to decide at any time where their sensitive data is managed so that they remain sovereign and independent. On Premises solutions can be used in the cloud, in the company’s own data center or at the system house partner and thus offer maximum flexibility.
Phishing emails are the most common attack vector in ransomware attacks. Attackers pretend a false identity or false facts, building up pressure in an attempt to trick employees into clicking on an infected attachment or link. Companies need to make their workforce aware of the growing threats and keep them up to date with regular training and education.