Digital transformation and the rapid adoption of connected technologies have significantly altered how critical infrastructure sectors operate, bringing benefits such as real-time data analysis, greater efficiency, and lower costs. The scale of this change is reflected in one industry forecast predicting nearly 40 billion IoT connections worldwide by 2029, almost double today's number.
However, the growing adoption and interconnectivity of these technologies has also expanded the attack surface available to adversaries. Over the past three years, cyber incidents involving critical infrastructure have surged, with around 75% of manufacturing and other critical infrastructure sectors targeted by ransomware in 2023 alone.
These cybersecurity issues have prompted governments and international bodies to develop and expand regulatory guidance designed to safeguard cyber-physical systems (CPS). Measures such as NIST SP 1500-201, IEC 62443, the TSA Security Directives, and the EU's NIS2 Directive push critical infrastructure organizations to strengthen their industrial cybersecurity controls and resilience, both to avoid operational disruption and to meet their compliance obligations.
Despite these efforts, the pace of digital connectivity currently exceeds most organizations' capacity to manage cyber-physical system risk effectively, amid escalating threat activity and mounting regulatory pressure. Comprehensive industrial cybersecurity has therefore evolved from an optional advantage into a mandatory requirement, with implications for national security, economic stability, and public safety.
Industrial cybersecurity refers to the protection of critical infrastructure, including manufacturing plants, power grids, chemical plants, and the industrial control systems (ICS) that run them, from cyber attacks. It is critical because a successful attack on these systems can have severe physical consequences: production downtime, equipment damage, environmental harm, or, in extreme cases, loss of life.
According to the same Industrial Cybersecurity Report mentioned above, more than 95% of CISOs in critical infrastructure sectors are, or soon will be, responsible for securing their CPS environment. It is therefore imperative that they understand the challenges specific to industrial cybersecurity and follow the best practices needed to secure their CPS networks.
As adversaries continue to adapt and the attack surface evolves, critical infrastructure organizations need a unified industrial cybersecurity approach suited to their environment. Before choosing a solution vendor to make this possible, they should first understand the cybersecurity challenges plaguing the sector:
Threat actors continue to show an interest in compromising operational technology (OT) in critical infrastructure. Nation-state actors in particular are known for advanced persistent threat (APT) activity: they are well resourced, their operations are targeted and sophisticated, and their goal is typically prolonged, undetected access to networks and systems rather than a quick hit.
Many industrial organizations try to reuse their existing IT security infrastructure in the CPS environment for cost savings and simplicity. This introduces operational risks rooted in factors unique to industrial environments: fragile devices, unusual architectures, proprietary protocols, and environmental and operational constraints. An active vulnerability scan that is harmless against a server, for example, can hang a PLC or a serial-to-Ethernet gateway that was never designed to handle malformed or unexpected traffic. Traditional IT solutions are therefore often neither practical nor effective in these environments.
Historically, the most common approach to OT asset visibility has been passive-only discovery: listening to traffic from a network tap or a switch SPAN port. This requires hardware, switch configuration changes, and staff to deploy. While valuable, the resulting visibility depends on what each automation vendor's protocol exposes on the wire, and it frequently lacks the depth (for example, firmware versions and device configuration) needed to drive cyber risk reduction outcomes.
Relying on IT-centric tools and/or limited passive-only discovery to profile CPS assets leaves organizations with an incomplete asset inventory, and therefore a weak foundation that cannot support a robust industrial cybersecurity program. Without strong visibility and the insights derived from it, asset owners cannot effectively deploy risk reduction controls such as threat detection, vulnerability management, and network segmentation.
Gartner estimates that by 2027, "75% of security teams will have on-boarded at least five tools to manage CPS security…a major increase compared with one or two they might use today." Beyond the investment required to deploy, integrate, and maintain that many tools, a point-product approach lacks cohesion, which leads to security blind spots in a continuously evolving industrial threat landscape.
As critical infrastructure organizations continue to face new and evolving threats, it is time for a unified approach to industrial cybersecurity. You can begin by implementing the following five best practices:
A comprehensive asset inventory is the foundation of your industrial cybersecurity journey. Industrial organizations need to know what assets they have, where each one sits on the network, what state it is in (model, firmware, configuration), and what role it plays in the process. With a detailed, centralized inventory of all assets, organizations can identify redundant assets, use resources efficiently, and prioritize maintenance or upgrades.
Once a detailed asset inventory is established, the next step is to systematically identify and prioritize vulnerabilities in order to reduce the likelihood of a breach. Proactively addressing weaknesses in critical systems, networks, and applications reduces the risk of exploitation by threat actors. Moving beyond traditional scan-and-patch vulnerability management workflows, which rarely fit devices that cannot be scanned or patched on demand, lets organizations take a more dynamic, focused approach to managing their overall exposure to risk.
Critical industries including oil and gas, transportation, food and beverage, and manufacturing face specific regulatory requirements for securing OT networks, and proper network segmentation is central to meeting them. Dividing the network into zones with controlled conduits between them, as IEC 62443 describes, limits an attacker's lateral movement and contains the spread of an attack. Smaller, well-defined segments are also easier to manage and monitor, and they reduce unnecessary traffic, which can improve network performance.
Secure access is crucial in managing critical infrastructure: it lets organizations optimize and scale operations and maintain efficiency. However, many still rely on traditional remote access approaches such as VPNs, which pose considerable risk (a connected user typically lands on the network with broad reach, often via shared credentials, with little per-session control or recording) and introduce operational friction. As a best practice, critical infrastructure organizations should adopt an OT-specific access solution that applies zero trust access controls, granting internal and third-party users access only to the assets and sessions they need, without the complexity and administrative overhead that usually stands in the way of effective remote access to industrial environments.
Finally, it is paramount that critical infrastructure organizations detect both known and unknown threats and monitor for critical change operations on CPS, such as configuration or logic changes, that can alter how the process runs. With multiple detection engines, organizations can profile every asset, communication, and process in their industrial network. Continuous monitoring then establishes how assets communicate under normal conditions and raises an alert on any deviation or policy violation.
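To make three of these practices concrete (building an asset inventory from passively observed traffic, enforcing zone-to-zone segmentation policy, and baselining normal communications so that deviations raise alerts), here is a small worked example. It is added here and is not code from Claroty or from any product the page describes. The zone layout, the conduit policy, the list of hosts allowed to issue Modbus writes, and every flow record are constructed for illustration and stand in for what a real tap or SPAN export would contain.

```python
"""
Added example (not Claroty's code): a minimal passive OT monitor that
builds an asset inventory from observed flows, checks each flow against an
IEC 62443-style zone/conduit policy, and alerts on deviations from a
learned communication baseline. All addresses, zones, policy entries and
flow records below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed zone layout. A real site derives this from its architecture.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "dmz":        ipaddress.ip_network("10.2.0.0/24"),
    "control":    ipaddress.ip_network("192.168.10.0/24"),  # HMIs, engineering
    "field":      ipaddress.ip_network("192.168.20.0/24"),  # PLCs, RTUs
}

# Assumed conduit policy: which zone pairs may talk and over which
# protocols. Any (src_zone, dst_zone, proto) not listed is a violation.
CONDUITS = {
    ("control", "field"):   {"modbus"},
    ("control", "control"): {"modbus", "https"},
    ("dmz", "control"):     {"https"},
    ("enterprise", "dmz"):  {"https"},
}

# Assumed: only the engineering workstation may issue Modbus writes.
WRITE_FUNCTIONS = {"write_single_register", "write_multiple_registers", "write_single_coil"}
WRITE_AUTHORIZED = {"192.168.10.5"}


def zone_of(ip):
    """Map an address to its zone; anything outside known ranges is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_inventory(flows):
    """Passive inventory: every endpoint seen, its zone, protocols spoken, last activity."""
    inv = defaultdict(lambda: {"zone": None, "protocols": set(), "last_seen": 0})
    for f in flows:
        for ip in (f["src"], f["dst"]):
            entry = inv[ip]
            entry["zone"] = zone_of(ip)
            entry["protocols"].add(f["proto"])
            entry["last_seen"] = max(entry["last_seen"], f["ts"])
    return dict(inv)


def learn_baseline(flows):
    """Normal-communication baseline: the (src, dst, proto, function) tuples seen while learning."""
    return {(f["src"], f["dst"], f["proto"], f.get("func")) for f in flows}


def check_flows(flows, baseline):
    """Return (kind, detail) alerts: conduit violations, unauthorized writes, new communications."""
    alerts = []
    for f in flows:
        key = (f["src"], f["dst"], f["proto"], f.get("func"))
        sz, dz = zone_of(f["src"]), zone_of(f["dst"])
        if f["proto"] not in CONDUITS.get((sz, dz), set()):
            alerts.append(("conduit_violation", f"{sz}->{dz} {f['proto']} {f['src']}->{f['dst']}"))
        if f.get("func") in WRITE_FUNCTIONS and f["src"] not in WRITE_AUTHORIZED:
            alerts.append(("unauthorized_write", f"{f['src']} {f['func']} -> {f['dst']}"))
        if key not in baseline:
            alerts.append(("new_communication", f"{f['src']}->{f['dst']} {f['proto']}/{f.get('func')}"))
    return alerts


# Constructed learning-window traffic: EWS and HMI polling a PLC, EWS doing an
# authorized write, a DMZ historian pulling data from a control-zone collector.
LEARNING_FLOWS = [
    {"ts": 1, "src": "192.168.10.5",  "dst": "192.168.20.11", "proto": "modbus", "func": "read_holding_registers"},
    {"ts": 2, "src": "192.168.10.5",  "dst": "192.168.20.11", "proto": "modbus", "func": "write_single_register"},
    {"ts": 3, "src": "192.168.10.20", "dst": "192.168.20.11", "proto": "modbus", "func": "read_holding_registers"},
    {"ts": 4, "src": "10.2.0.10",     "dst": "192.168.10.30", "proto": "https",  "func": None},
]

# Constructed monitored traffic: one benign poll, an HMI issuing a write it
# never issued before, an enterprise laptop reaching a PLC directly, an HMI
# talking to a PLC that was not in the baseline, and a benign authorized write.
MONITORED_FLOWS = [
    {"ts": 101, "src": "192.168.10.20", "dst": "192.168.20.11", "proto": "modbus", "func": "read_holding_registers"},
    {"ts": 102, "src": "192.168.10.20", "dst": "192.168.20.11", "proto": "modbus", "func": "write_single_coil"},
    {"ts": 103, "src": "10.1.5.7",      "dst": "192.168.20.11", "proto": "modbus", "func": "read_holding_registers"},
    {"ts": 104, "src": "192.168.10.20", "dst": "192.168.20.12", "proto": "modbus", "func": "read_holding_registers"},
    {"ts": 105, "src": "192.168.10.5",  "dst": "192.168.20.11", "proto": "modbus", "func": "write_single_register"},
]

if __name__ == "__main__":
    for ip, a in sorted(build_inventory(LEARNING_FLOWS).items()):
        print(f"{ip:15} zone={a['zone']:10} protocols={sorted(a['protocols'])}")
    for kind, detail in check_flows(MONITORED_FLOWS, learn_baseline(LEARNING_FLOWS)):
        print(f"ALERT {kind}: {detail}")
```

The three checks are deliberately independent: the conduit check catches the enterprise laptop reaching a PLC even if that pair had somehow appeared during learning, the write check catches the HMI issuing a coil write even though HMI-to-PLC Modbus is an allowed conduit, and the baseline check surfaces a PLC that was never seen before. In a real deployment the baseline would be reviewed before it is trusted, since anything an attacker did during the learning window would otherwise be baked into "normal".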
There are several best practices for securing industrial environments; however, the five above are essential for organizations just getting started on their cybersecurity journey. With so much guidance available, it's also important to partner with the right CPS security vendor to protect your critical environment.
Choosing the right solution vendor to meet your unique industrial cybersecurity needs can be a daunting task. That's why we've created The Ultimate Buyer's Guide for Industrial Cybersecurity Platforms. In this guide, we lay out the most important criteria to consider when evaluating a CPS security solution. These criteria include the maturity and stability of the vendor, the breadth and depth of its portfolio, its contributions to the industry, and whether or not its security solutions are OT-centric.
The best practices listed above, along with our Industrial Buyer’s Guide are designed to empower your organization to reduce CPS cyber risk — no matter where you are in your industrial cybersecurity journey. For more information, explore The Claroty Platform or simply request a demo.