Securing Operational Technology

Operational Technology: The Hidden Threat Lurking in Your Network

Published
June 03, 2020

Author
Cynthia Gonzalez

Technology has long controlled mechanical processes. The systems that power electricity, water, and other utilities, for instance, are controlled by technology. But as the world increasingly adopts Internet of Things (IoT) technology to power everything from home appliances to office building lighting, cyberattackers are taking an interest.

Although this puts consumers at risk, experts are especially concerned about industrial applications. For organizations that rely on operational technology (OT), like utilities, transportation or manufacturing, a cyberattack could be disastrous. An attack could shut down a city’s electricity, or even halt a production line. One of the most notable instances of an OT attack was the Stuxnet worm, which targeted a uranium enrichment plant in Iran. That event alone called attention to the need to focus cyberattack prevention efforts on OT.

Read our white paper Securing Operational Technology for Rapid Threat Detection and Response to learn more about the promise and threat of operational technology and how to secure OT devices.

What is operational technology?

First, it helps to understand the full extent of operational technology. The term generally refers to software and hardware that control physical devices. One widespread example of OT is SCADA, an acronym for supervisory control and data acquisition. SCADA is used to monitor and control equipment both locally and remotely in industries across the globe. You’ll find this technology used in settings like manufacturing plants, telecommunications, water and waste control, oil and gas refining, and transportation.

In recent years, there has been a call to combine operational technology with the Internet of Things to improve operating efficiencies. Together, software interacts with hardware to allow remote control, as well as to gather data for reporting purposes. However, connecting operational technology to the internet for remote control also opens the equipment up to being remotely controlled by hackers.

Security issues with OT

As technology evolves, issues have emerged. One is that the people overseeing OT are different from those handling an organization’s IT processes. OT may be outsourced, and it may even have been set up years ago. IT lacks the authority, and the visibility into the necessary information, to manage security on these devices. As a result, OT systems are often overlooked in essential security practices like creating a disaster recovery plan and monitoring for suspicious activity.

But that separation isn’t the only issue. OT devices typically have their own security issues baked into their design. With multiple people managing them on a day-to-day basis, they often have multiple paths of attack. They can also be prone to neglect, with nobody applying security patches regularly. All these factors together provide the perfect breeding ground for cyberattackers looking for weaknesses.

Monitoring OT devices

Not only are IT professionals challenged to protect OT, but they also tend to be hampered when it comes to detecting issues. With your servers, computers, and printers, you likely have processes in place to alert you quickly if an anomaly is ever detected. With early detection, you can stop problems before they escalate, protecting your network.

Depending on how things are connected, attacks on OT devices can make their way to your corporate network. That means that the piece of equipment that malfunctions today could cause issues for your entire network, or alternatively, compromised corporate networks could affect your OT environments. The first step toward creating a plan to protect your OT is learning as much as possible about every piece of technology you have, including any OT or industrial IoT applications.

Consequences of inaction

Although organizations have stepped up their game in addressing OT risks in recent years, the attack surface has continued to grow. Mobile applications, wireless communication, and sensors are now being added to the OT landscape, increasing the risk to businesses. This challenges IT professionals to ensure they’re monitoring and protecting every piece of technology in the organization.

As other organizations step up their game, those security professionals who haven’t taken measures will leave themselves open to cyberattackers on the hunt for exposed systems. That makes it essential not only to put measures in place to protect your OT, but also to ensure that you’re alerted to any issues as soon as possible and have processes in place so that you can quickly take action.

Exabeam is aware of the threat OT poses to organizational security and advises security teams on how to keep their own environments safe. The dangers, as well as suggestions on how to keep your systems safe, are outlined in the whitepaper Securing Operational Technology for Rapid Threat Detection and Response.
