Three Trends Impacting Industrial Cyber Risk Management
By The Claroty Team | September 9, 2021
In case you missed it, Claroty’s Team82 latest Biannual ICS Risk & Vulnerability Report: 1H 2021 is now available for download. This research presents the most up-to-date picture of the ICS risk and vulnerability landscape available today, along with analysis into patching and other remediation strategies to mitigate risk.
Importantly, for CISOs, IT, and OT managers, the report also includes insights into emerging trends that affect how to manage risk, tactically and strategically. Knowledge of these trends can help inform discussions around vulnerability management and resource prioritization, which many organizations are ramping up as critical infrastructure security has become a mainstream concern.
To help jump-start your planning and decision-making process, here’s a brief overview of three big trends covered in this report:
1. OT Cloud Migration
Well before the COVID crisis, the momentum driving enterprises to bring the cloud to industrial processes was undeniable. Projects such as creating redundancy for business continuity or collecting data from machinery and processes and storing and analyzing it in the cloud, cemented the role of cloud on-demand infrastructure in the modern enterprise. Others had progressed even further with devices on the edge or robots in warehouses and on factory floors that monitor, manage, and execute processes with the power of machine learning and artificial intelligence.
Unfortunately, connecting once air-gapped OT environments to the cloud creates a much larger attack surface and exposes vulnerabilities that can be a boon for ransomware and extortion-style attacks. Additionally, data security becomes a greater risk, particularly in heavily regulated industries where compliance is unforgiving. Authentication and identity management must also be a part of an organization’s defense-in-depth plans for OT in the cloud. Finally, the COVID crisis accelerated remote work. The incident at the Oldsmar, Fla. water-treatment facility in February demonstrated the risks associated with inadequate controls around access to systems and privilege management.
2. Ransomware and Extortion Attacks
When adversaries targeted Colonial Pipeline with a ransomware attack, the U.S. experienced its first major shutdown of critical infrastructure due to a cyberattack in the nation’s history. While the ransomware infected IT systems, not OT systems, the impact was the same – fuel delivery along the U.S. East Coast was disrupted. Threat actors achieved similar outcomes with a ransomware attack targeting the world’s largest meat processor, JBS, which resulted in supply shortages and price increases. However, ransomware isn’t only being used to lock up systems until a ransom is paid. Another prevalent tactic is to steal sensitive business or customer data and threaten to leak it if demands are not met.
As more companies connect ICS devices to the internet and converge OT and IT, visibility into network assets is crucial. Secure remote access is also important to protect against weaknesses found in virtual private networks and other network-based attacks.
3. U.S. Cyber Legislation
This year has been nothing short of historic in terms of the level of attention by the U.S. government on industrial cybersecurity. In April, the Biden Administration through the U.S. Department of Energy kicked off a 100-day plan to address electric grid cybersecurity. One month later, in response to targeted attacks that impacted the lives of millions of people, the Biden Administration took the unprecedented action of issuing a White House Executive Order recognizing industrial cybersecurity as critical to national security and to the sanctity of the U.S. economy. This set the wheels in motion for additional legislation, including a national security memorandum for critical infrastructure that established the Industrial Control Systems Initiative, a voluntary effort aimed at private sector owners and operations to bring their systems in line with current threats. As we look forward, other legislative proposals working their way through Washington include stringent reporting requirements in the wake of incidents.
It’s against this backdrop that CISOs, IT personnel, and OT managers at industrial companies need to make decisions about how to focus their resources – people, processes, and technologies – and where to invest to mitigate risk.
Wherever your organization is on your journey to stronger industrial cybersecurity, The Claroty Platform can help you manage risk and assure continued operations of critical processes. The platform is an agentless solution that provides asset visibility to identify vulnerabilities and suspicious behavior, Continuous Threat Detection (CTD) to detect and track threats that cross the IT/OT boundary, and Secure Remote Access (SRA) solutions with strict controls over sessions—all in a single solution. Driving lower total cost of ownership and further strengthening security, The Claroty Platform integrates with existing IT security systems and workflows, enabling seamless connectivity of the industrial cybersecurity program to the IT security program. CISOs are empowered to execute an enterprise-wide risk management strategy more efficiently and effectively.
Download the report for more details on these trends, today’s ICS risk and vulnerability landscape, and risk mitigation strategies.
We invite you to join Team82 researcher, Chen Fradkin on Sept. 15 for a webinar about the Biannual ICS Risk & Vulnerability Report: 1H 2021. Register here.