Sponsored by BT Business

The threats targeting operational technology and how to beat them

Operational technology (OT) directly oversees and controls industrial systems that are critical to industries such as manufacturing, energy, aerospace, and transportation.

The backbone of industrial control systems (ICS) and critical national infrastructure (CNI), OT is essential for automating dangerous machinery and is a key component at the heart of any sector.

In recent years, it has expanded to support smart manufacturing environments and leaders have had to contend with the challenge of keeping it up to date and in line with other advances across their estate. Achieving this in any meaningful way can be difficult and time-consuming.

But, as with all valuable, irreplaceable systems, OT is in the crosshairs of attackers looking to hit victims hard as leverage for ransom demands – or just to cause as much damage as possible. Attacks on OT can be incredibly expensive and difficult to fix, and run the risk of impacting CNI, causing even higher costs and the potential for harm to individuals.

Outdated hardware, unpatched software

One of the major risks associated with OT is that much of it predates modern security approaches. The individual devices that control a manufacturing floor may have been supplemented over time by advances such as Internet of Things (IoT) networks, but the machines themselves could well be running on aging software that is generations behind when it comes to cybersecurity.

“Most businesses have seen OT and IT develop very separately over the years, so there’s little crossover between the two sides – and the gaps in between provide a rich hunting ground for cybercriminals. More and more organizations understand they need to establish a single, comprehensive enterprise-wide security strategy. But combining IT and OT security isn’t simple,” BT highlights in this OT threat management data sheet.

“Much of a typical OT infrastructure was never designed with security in mind. Devices can have a lifespan of 20 to 30 years, running old operating systems that are difficult, if not impossible, to patch. And because there are so many different OT standards and protocols, interoperability is a massive challenge.”

These systems often contain unpatched vulnerabilities, which either go overlooked or are deemed too difficult to address on their old software. Threat actors know all of this and readily exploit these OT vulnerabilities to incapacitate, damage, or destroy CNI.

Attacks against critical national infrastructure (CNI), often carried out by state-sponsored threat actors, frequently take the form of a targeted ransomware attack using a known vulnerability as an entry point into what should be a secure OT system.

The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Agency (CISA) recently issued a warning over Russian targeting of OT and industrial control systems (ICS) across Europe and North America.

In 2023, Microsoft Defender data revealed that 78% of OT devices monitored by Microsoft Defender for IoT contain known vulnerabilities – 32% of which run legacy systems lacking critical patches.

Approaching OT security with the understanding that it’s an ongoing battle requiring regimented organization and centralized data – rather than a problem you can simply build a moat around – is key. Leaders can identify these vulnerabilities and stay in the loop on potential threats by working with a dedicated cybersecurity partner.

BT is one such provider able to offer a wide range of OT security solutions, rooted in identifying the overlooked aspects of a business’s OT estate and ensuring all systems are up-to-date.

Its approach hinges on gathering near real-time information from sensors across your estate, to identify weaknesses in your OT network or flag potential anomalies as and when they arise.

This can be accessed from a central dashboard, helping security and operational teams monitor all traffic from sensors throughout the network to ensure everything is running correctly and no suspicious activity is occurring. Through BT, this dashboard can be plugged directly into an enterprise’s current security information and event management (SIEM) system to detect attacks on OT before they can be carried out. What’s more, BT can also run the SIEM for customers if that option is required. This uniquely positions the tech firm to offer organizations either OT threat management or converged IT/OT threat management.

Approaches like this don’t just help the IT and OT teams within an organization to compare notes and keep attacks at bay. They also help leaders to ensure that all systems are meeting the security requirements necessary in our dangerous threat landscape.

It’s for this reason that BT recommends businesses encourage collaboration between teams when it comes to defining and managing OT security, rather than passing this off onto their chief information security officers (CISOs) as 70% of European organizations have chosen to do in the past.

Connecting and converging without compromises

BT also benefits from having a broad portfolio which includes LAN and WAN assistance, expertise it can lean on when customers need to converge IT and OT environments without disrupting their existing systems and network environments.

This is important because most OT has to connect with wider systems at some point in the chain – but this must be done in as secure a manner as possible to prevent attackers from entering through cybersecurity weak points and moving laterally into OT and other critical systems.

Some businesses may choose to air gap their OT systems, in which OT is intentionally separated from IT environments to quarantine it against potential cyber threats. But this is not the cure-all that it may seem. In the first place, it’s very difficult to entirely separate one’s IT and OT networks.

Secondly, air gaps are not an effective countermeasure to every kind of OT attack. For example, software supply chain attacks see attackers breach legitimate vendors who are trusted with an organization’s data.

Threat actors may even target a company’s OT by physically providing staff with storage devices such as a USB drive containing malware. The hope here is that staff will plug the drive into a machine connected to their company network, triggering the malware to execute, infect that initial machine and then spread around the network. This was the attack vector for the infamous worm Stuxnet, which attacked Iranian nuclear program networks in 2010.

Enterprises looking to scale systems and more easily interface with their critical systems are increasingly moving OT to the cloud, including supervisory control and data acquisition (SCADA) systems, a subsection of OT used to manage industrial environments. This opens it up to potential attacks.

The legacy aspect of OT, one of its standout challenges, is also a reason to choose a well-established partner like BT. The company has several years of hands-on experience with multiple generations of OT systems and the knowledge needed to connect legacy tech to the rest of a business’s IT estate without putting it at risk.

Importantly, what BT offers isn’t a solution fit for purpose today only. Its centralized approach to observability ensures it keeps one eye on what’s coming so customers can be confident they are future-proofed. This will help leaders identify inefficiencies or systems that will need replacing down the line, removing the guesswork necessary to form a clear long-term plan for one’s OT.

It’s clear that rather than focusing on individual lines of defense, leaders should invest in comprehensive OT security strategies to stand the best chance against the wave of opportunistic attackers looking to score a hit on critical systems.

“Integrating your OT with your IT is an opportunity to improve both efficiency and reliability. But poorly secured operational environments are an attractive target for cybercriminals,” BT warns in this OT-specific video.

“As you connect your production facilities, can you be sure you aren’t opening glaring holes in your business’ security?”

OT is simply too important to leave to chance. Given the range of attacks to which OT is vulnerable and the complexity of insulating it without help, working with a trusted partner like BT is a highly recommended step for any business looking to consolidate its OT and prevent future attacks.

Whatever your business, BT’s here to provide unmatched reliability, dedicated support, and robust cyber security. We’ve got your back.
