How Heavy Industry Companies Can Lighten the Industrial Cybersecurity Load
By The Claroty Team | July 30, 2021
In 2020, companies in every sector accelerated their digital transformation journey, including those in heavy industry sectors, such as mining, oil and gas, and chemicals. Around the world, heavy industry companies are seeing the value collaboration and connectivity bring to optimize manufacturing strategies, maximize efficiency of plant and facility assets, minimize downtime, meet local requirements, and simplify compliance with industry regulations. However, digitization also introduces added complexity in securing industrial operations that these companies need to address.
According to the 2021 Verizon Data Breach Investigations Report, social engineering (primarily through phishing to steal credentials) and system intrusion (largely achieved through more complex, multi-step, human-operated ransomware attacks) are the top attack patterns for companies in these sectors. Government warnings over the last year confirm these findings. Last July, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert in response to a growing number of attacks leveraging spearphishing and ransomware to target industrial networks. NSA followed up just a few months ago with a second cybersecurity advisory on the risks of connecting industrial networks to IT networks. And following the attack on Colonial Pipeline and other government alerts about ransomware attacks, on July 28, 2021, the White House issued a National Security Memorandum on improving cybersecurity for critical infrastructure control systems.
There are several driving factors behind this heightened risk for heavy industry operators:
An expanding attack surface
As companies prioritize digitization and IT and OT networks converge, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools to help drive production efficiencies and improve reliability, responsiveness, quality, and delivery. However, when legacy OT assets become internet-facing and more devices are connected to industrial environments, the security gap widens and the door for attackers opens further.
Limited visibility across a disparate and dispersed environment
Geographic distribution, collaborative manufacturing, a prevalence of legacy systems, and a diverse patchwork of assets from different vendors that use different proprietary protocols make it challenging to inventory OT assets and establish behavioral baselines to identify and address potential risks.
Limited detection and vulnerability management capabilities
The limited visibility that makes it difficult to establish a behavioral baseline also makes it difficult to detect and manage other types of threats and vulnerabilities such as known threats, high-risk behaviors, and full-match vulnerabilities.
Exposure to third-party risk
Given the widespread geographic distribution, a vast physical footprint, and heavy reliance on third-party OT vendors to maintain and update equipment and contractors for additional services, OT remote access is typically a critical necessity. But without capabilities like granular policy- and role-based access controls, OT remote access remains extremely risky.
Claroty empowers heavy industry companies to overcome these security challenges with our unparalleled industrial cybersecurity offerings:
Continuous Threat Detection (CTD) is the foundation of The Claroty Platform, delivering fundamental security controls for industrial networks. Core capabilities include 100% visibility into OT, IoT and IIoT assets, connections, and processes. It also includes support for automatic virtual segmentation and delivers full-spectrum risk and vulnerability management controls. CTD also empowers companies with resilient threat detection so they can immediately identify and respond to the earliest indicators of potential threats to their industrial network.
Secure Remote Access (SRA) enables companies to provide third-party partners and employees with frictionless, reliable, secure access to their operational environments. SRA is fully integrated with CTD and supports a Zero Trust architecture for industrial networks, delivers compensating controls for unpatched or otherwise unsecured assets, and offers response capabilities for incidents related to remote user activity.
Claroty Edge is ideal for companies just getting started on their industrial cybersecurity journey or who want to see and secure devices at additional locations. It’s the first OT visibility tool that does not require network changes, sensors, or a physical footprint on the network. Claroty Edge runs on existing Windows-based infrastructure and can easily be run anytime, anywhere, either on-premises or in the cloud.
The National Security Memorandum states, “We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.”
To discuss how Claroty can help you overcome common security challenges and effectively monitor, identify, and respond to industrial cyber threats to heavy industry, request a demo.