Cybercriminals Increasing Focus on Operational Technology and Industrial Control Systems

A new threat is looming on the horizon. Hackers have taken a new approach to targeting operational technology (OT) and industrial control systems in manufacturing. The 2022 Honeywell Industrial Cybersecurity USB Threat Report found that malicious actors are designing and using malware to circumvent air gaps manufacturers expect will protect their systems.

There has been a 32% increase in the use of removable media, such as USB drives and memory cards, since last year. These tools accounted for 52% of attacks in 2022, more than double the 19% of attacks reported in 2020.

Removable media has become a preferred initial attack vector as it allows hackers to establish remote connectivity, penetrate OT/industrial environments, identify and steal data, and establish control. 

According to the report, cybersecurity threats continue to increase, becoming more potent and prominent. Those targeting OT/industrial control systems increased year over year from 30% to 32%, and malware climbed from 79% to 81% since 2021.

Protect Sensitive Data

The best defense against this growing removable media threat? Continued diligence and robust USB controls. But first, we should talk about the specific area that’s become a new hacker favorite: the air gap.

An air gap refers to an intentional lack of digital connectivity between outside/untrusted environments — like the internet — and a specific computing environment. Air gaps are used in industrial controls to separate operational and automation systems (the OT element) from business systems (the IT element). 

It’s become rare to see an absolute air gap because business and operational systems increasingly rely on digital communications. However, the term is most commonly used to refer to the layer of logical segmentation, strict network access policies, and security controls within OT environments. 

Here are steps organizations can take to protect themselves and their sensitive data.

Document and Understand the Operational Environment

Assess all the data flows, details about connected devices, networks, and any other physical access points (like switches or sensors) a hacker could exploit. Segment critical systems based on analysis of the operational flows of OT applications and other operating systems and protocols.

Identify Greatest Vulnerabilities, Characterize Threats, Prioritize Risks

Determine which critical processes and assets would suffer most if compromised, and start prioritizing your protections there. Look at hardware and conduct software vulnerability analyses. Then document and map those critical processes and embedded systems.

Create and Assign Roles and Responsibilities

You must define and understand the roles and responsibilities for enterprise and manufacturing cybersecurity. Develop the policies, plans, and procedures that are most effective for managing a robust cybersecurity approach. Executive leadership must support the governance program so the organization can scale it and adapt it to address future cybersecurity threats.

Establish a Clear USB Security Policy

Because hackers are using USB removable media as their initial attack vector, companies must establish and enforce technical controls to keep all USB media and peripherals secure.

Reduce the Mean Time to Remediation (MTTR)

Hackers are using USB to introduce new threat variants more quickly and efficiently. IT teams should reevaluate existing controls and patch cycles to shrink MTTR. External controls that provide real-time threat detection and protect key systems, combined with integrated monitoring and incident response procedures, will help shore up defenses as well.

Detection sensors, centralized log aggregation, and consolidated monitoring empower teams to gain broader and faster visibility of cyber threats. Coordinate approaches to managing OT and industrial incidents.
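As an added illustration of the USB controls and the centralized log monitoring described above (example code written for this article, not part of the Honeywell report), the script below correlates constructed syslog lines forwarded from OT hosts and alerts when a mass-storage device that is not on a site allowlist is plugged in. The log format, host names, device identifiers, and allowlist are all assumed for the example.

```python
import re
from typing import NamedTuple

# Constructed sample syslog lines (not real data) as forwarded from OT hosts to a
# central collector. The format is assumed for this example.
SAMPLE_LOGS = """\
2023-03-02T08:14:05Z hmi-01 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5581, SerialNumber=4C530001230
2023-03-02T08:14:06Z hmi-01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
2023-03-02T09:02:11Z eng-ws-07 kernel: usb 2-3: New USB device found, idVendor=0951, idProduct=1666, SerialNumber=E0D55EA5
2023-03-02T09:02:12Z eng-ws-07 kernel: usb-storage 2-3:1.0: USB Mass Storage device detected
2023-03-02T09:30:00Z plc-gw-02 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c31c, SerialNumber=NONE
""".splitlines()

# Assumed allowlist: only drives issued and scanned by the site's media-sanitization
# kiosk are approved, identified by (vendor id, product id, serial number).
APPROVED_MEDIA = {("0781", "5581", "4C530001230")}

FOUND = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) kernel: usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4}), SerialNumber=(?P<sn>\S+)$")
STORAGE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: "
                     r"USB Mass Storage device detected$")

class Alert(NamedTuple):
    ts: str
    host: str
    device: tuple  # (vid, pid, serial)

def find_unapproved_media(lines, approved=APPROVED_MEDIA):
    """Pair each 'device found' line with the 'mass storage' line for the same
    host and port; alert on storage devices whose identity is not allowlisted.
    Non-storage devices (e.g. the keyboard on plc-gw-02) produce no alert."""
    pending = {}   # (host, port) -> (ts, vid, pid, sn) awaiting a storage line
    alerts = []
    for line in lines:
        m = FOUND.match(line)
        if m:
            pending[(m["host"], m["port"])] = (m["ts"], m["vid"], m["pid"], m["sn"])
            continue
        m = STORAGE.match(line)
        if m and (m["host"], m["port"]) in pending:
            ts, vid, pid, sn = pending.pop((m["host"], m["port"]))
            if (vid, pid, sn) not in approved:
                alerts.append(Alert(ts, m["host"], (vid, pid, sn)))
    return alerts

if __name__ == "__main__":
    for a in find_unapproved_media(SAMPLE_LOGS):
        print(f"{a.ts} {a.host}: unapproved removable storage {a.device}")
```

Fed into a SIEM rule, the same correlation gives the incident response team the host, time, and device identity needed to pull the drive and start triage.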

Increase Vigilance Over Documents, Files, and Other Digital Content

Companies should also implement inspection and detection-based controls for all removable media, network connections, and any other primary vectors into and among protected industrial facilities. This strategy will strengthen the ability to proactively prevent the integration and propagation of content-based malware.

Strictly Control Outbound Network Connectivity from Process Control Networks

Firewalls, network switches, and routers that restrict outbound connectivity limit what a threat that crosses the air gap via USB can do next. These tools can prevent hackers from gaining a toehold, creating back doors, and obtaining remote access to install payloads and establish remote command and control.

Stay Diligent About Security Upkeep

Update antivirus software in process control facilities daily. Use a layered approach in your threat detection, including deploying threat detection tools specifically designed to capture and analyze OT-specific threat intelligence. A high percentage of threats found in OT environments can evade detection by traditional antimalware software — keeping those controls current increases their effectiveness. 

Patch and Harden End Nodes 

Because today’s threats are able to establish difficult-to-detect remote access in air-gapped systems, organizations must harden OT systems to improve incident MTTR.

Drive Organizational Change Through Continuous Awareness, Education, and Practice

Tailor education and awareness programs according to role. For example, plant managers require different insights than general managers or procurement specialists. Educate everyone — from operators to administrators and executives and boards — to cultivate a culture prioritizing cybersecurity as a key enabler of:

  • Business operations and stability
  • Revenue generation
  • Safety 

Production delays carry serious impacts on current contracts, revenues, company reputation, and long-term growth. Offer consistent training and practice opportunities by conducting cybersecurity exercises.

The threat landscape is constantly evolving. A resilient approach to IT and OT cybersecurity reduces the impact of cyberattacks while also strengthening an organization’s security posture, promoting productivity, increasing safety, and preserving customer trust.
