The term “cyber-physical systems” (CPS) was coined more than 15 years ago, but it is now entering the mainstream as digital transformation intensifies, and operational technology (OT) environments become increasingly interconnected with IT systems and Internet of Things (IoT) devices. Cyber-physical systems encompass OT assets and systems, along with a proliferation of connected devices. As a result, when we think about protecting OT environments, we need to start thinking of cyber-physical systems security more holistically, because it better reflects the reality we operate within today, as our physical world connects more deeply and broadly with our digital world.
Let’s take a closer look at this evolution in cybersecurity.
In the past, IT and OT were seen as distinct and isolated business domains. IT focused solely on capabilities necessary to process data, while OT focused solely on devices responsible for monitoring or carrying out physical processes.
However, as digital transformation accelerated, connecting OT networks to IT systems and the Internet has unlocked tremendous business value – enabling improvements in operations efficiencies, performance, and quality of service. The level of interconnectivity introduced by the rise of the IoT — including more sector-specific concepts such as the Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT), along with the holistic Extended Internet of Things (XIoT) — further fueled IT-OT convergence. And now we’ve reached a point where our physical world is very dependent on its digital components.
While the terms IT and OT can be applied to specific devices, hardware, and software, the expanding interface between cyber (i.e., IT) and physical (i.e., OT) technologies has given rise to the concept of cyber-physical systems with applications including heavy industry, healthcare, building management systems, and critical infrastructure. Even our most basic needs like food, water, and healthcare depend on cyber-physical systems and the connected devices that underpin them.
Given this evolution, it isn’t surprising that the concept of cyber-physical systems is strongly related to terms such as Industry 4.0 and the XIoT. However, according to an article by Edward A. Lee and Albert M. K. Cheng published in the peer-reviewed journal Sensors in March 2015, cyber-physical systems is a more “foundational and durable” term than other terms related to these developments, because “it focuses on the fundamental intellectual problem of conjoining the engineering traditions of the cyber and the physical worlds,” without getting hung up on specific implementation approaches or applications.
This distinction of cyber-physical systems as an overarching term that comprises multiple assets and systems across multiple environments interacting with one another is important, as it helps explain the security challenges.
Since cyber-physical systems are complex, comprise different types of devices and different protocols, and are connected to each other and to the Internet, securing them is both challenging and critically important.
Cyber-physical systems and the array of underlying connected assets were not necessarily designed to co-exist seamlessly and operate securely in a connected environment. This is par for the course with technology innovation, and it will take years, if not decades, before a new generation of connected assets emerges with more natively integrated security processes and pathways.
At the same time, cyber-physical systems are attractive targets because of their criticality levels and vulnerabilities that leave them open to attack. While compromised IT networks and security breaches that exfiltrate personal data are very costly and have other financial implications, they don’t threaten the physical world we live in and the systems we depend on. Lives and livelihoods are at risk when cyberattacks spill over into the OT realm and have a physical impact. Some examples of threats associated with cyber-physical systems include:
Malware: Targeted attacks against a Ukrainian electricity provider using Industroyer2, a variant of the 2016 Industroyer malware.
Ransomware: The ransomware attack on Colonial Pipeline compelled operators to shut down oil and gas delivery to millions of people to mitigate impact to the OT network.
Unauthorized Remote Access: The Oldsmar, Florida water treatment facility was breached by a remote attacker who managed to gain access to systems via desktop-sharing software.
Distributed Denial-of-Service (DDoS) Attacks: Russian threat actors launched a series of DDoS attacks against commercial satellite networks to disrupt Ukrainian command and control with spillover impacts on other European countries.
Service Tampering: White-hat hackers have demonstrated vulnerabilities in IoMT devices that allow them to increase dosages or manipulate shocks that result in sudden death.
Supply Chain Attacks: The SolarWinds Orion software attack enabled a threat actor to establish a foothold in Orion users’ networks and move laterally to gain access to other network domains in order to steal data or exploit other vulnerabilities.
The range of attack types across sectors also reflects another challenge with cyber-physical systems security: the breadth and depth of domain knowledge needed to understand how best to secure each environment while operating within the models and methods unique to each. IT security teams typically prioritize confidentiality of data over integrity and availability, while teams that run OT networks prioritize availability (or uptime) over integrity and confidentiality. Respecting those priorities within the paradigms of each sector is paramount.
Clearly, the scope of cyber-physical systems goes beyond just OT. However, OT is arguably the most foundational component, as it embodies the “P” in cyber-physical systems and bridges the gap between the cyber and physical worlds. When Claroty was founded in 2015, our mission was to protect critical infrastructure organizations with the strongest OT security solution on the market, hence the "OT" in Claroty. We also knew that the biggest advantage defenders have is to know their networks better than the adversary. Visibility to provide clarity of what is happening across the entire OT environment including systems and workflows is essential and is also reflected in our name.
So, we developed the Claroty Platform, fueled by broad domain knowledge of physical systems and workflows, along with deep capabilities including full-spectrum visibility, risk and vulnerability management, threat detection, and secure remote access controls – all of which integrate seamlessly with an organization’s existing technology stack. And in 2021, Claroty was named a leader with the top-scored current offering in The Forrester Wave™: Industrial Control System (ICS) Security Solutions, Q4 2021.
With the rise of the XIoT and more complex cyber-physical systems, this foundation has allowed us to evolve our solutions beyond OT security to more holistically address cyber-physical systems security. The central role of OT within cyber-physical systems security, our unmatched visibility and OT protocol coverage, and leading OT security technology and expertise give us the springboard to become the strongest cyber-physical systems security vendor on the market. We have combined these core strengths with strategic investments to bring additional, specialized models and methods into a single platform to help organizations move towards cyber-physical systems security quickly and effectively.
Regardless of what the future brings, one thing is clear: cyber-physical systems and the networks they operate on have become attractive targets for threat actors. These networks are critical, and therefore valuable. As defenders, we need visibility and control over those assets, so we can proactively prepare for the likely scenarios.
Having visibility into all cyber-physical systems assets so you can understand your risk posture is an excellent first step to prepare proactively and focus on addressing likely paths of attack. In addition, sophisticated attacks on cyber-physical systems require extensive preparation by adversaries and usually take a significant amount of time to carry out, with lots of lateral movement. Having the ability to monitor cyber-physical systems for early warning indicators of compromise gives Claroty customers the home-field advantage of detecting an adversary preemptively and taking the necessary steps to mitigate risk.
At Claroty, we’re committed to a future where the cyber and physical worlds safely connect to support our lives, and we are delivering the leading cyber-physical systems security platform to make that happen.