We have all heard that safety is king when it comes to OT environments, but there is more to that than meets the eye. Safety goes well beyond taking precautions to avoid the common hazards, such as slipping or tripping hazards, or ensuring workers don’t get injured on the job. Instead, it’s a holistic protection of the workers, communities at large, and the business. As we move further into the digital world, including Cyber-Physical Systems (CPS), cybersecurity needs to be part of these safety conversations that are so prevalent in the OT culture. Unlike IT environments, downtime or unexpected or unplanned changes in critical infrastructure operations can have very serious ramifications in the physical world. This can be caused by common malware that we sometimes see on the business network that bleeds over into the OT side where there can be resulting negative impacts due to a lack of segmentation between the two environments. There is also more targeted, advanced malware that needs to be dealt with as well. It’s a consideration that many executives and boards of directors are beginning to discuss. According to the World Economic Forum’s , more than 76% of respondents now agree that attacks against critical infrastructure will increase in 2020, putting cybersecurity as a top issue in line with major concerns like the effects of climate change and global economies. Global Risk Report 2020 At risk of being cliché here, is a perfect example of that advanced malware where safety and cyber intersect. Stuxnet targeted the programmable logic controllers (PLCs) that controlled and manipulated centrifuges to the point that they were physically damaged and unusable thus causing substantial damage and delay to Iran’s nuclear program. Stuxnet The , also known as Trisis and HatMan, was first observed in 2017 to target industrial control systems, specifically the Schneider Electric Triconex safety instrumented system (SIS) controllers, with characteristics designed to disable plant safety and failsafe mechanisms. Although the impact of the attack was “just” a shutdown of a critical infrastructure facility in the Middle East, it is widely thought that the intended result was a catastrophic incident. Regardless of the intent, there is high probability that another iteration of this malware could easily have catastrophic physical consequences. Triton malware More recently, the widely publicized in March of 2019 illustrated the use of the LockerGoga ransomware in the industrial space. It’s not the first ransomware to infect OT, but it does have some variations to it that make it a little different from the others.  It wasn’t the only attack of this kind in recent months, with the Cybersecurity and Infrastructure Security Agency (CISA), warning OT operators to protect themselves after a halted operations for two days due to a partial . Norsk Hydro ransomware cyberattack ransomware attack on a natural gas compression facility Loss of View While these are just a few examples, the reality is that most OT cyberattacks are not publicly reported and thus we do not have an entirely accurate view of the real breadth of attacks. The differences between IT and OT are many, including the need for availability of the systems, the types of devices used, the environments they reside in, the protocols used, and the longer life expectancy of the systems. The consequences of something going wrong are also drastically different, including loss of life. There are various frameworks and knowledgebases available to help organizations further protect their OT environments and help to ensure a safe operating environment. One example is the MITRE ATT&CK Framework, which was expanded in January with the release of to include threats to human life and the physical environment. That update included a new category, recognizing that the goal of an OT attacker is generally to disrupt or destroy. The has also been added to address deception tactics that attackers may use in order to hinder safeguards that are in place. While these are not the only differences, the knowledgebase allows for a better understanding of the behavior of an adversary, as well as recognizing the impact compromised defenses may have in an OT environment. ATT&CK for ICS Impact Inhibit Response Function Many of us have been in the habit for years doing a job safety analysis (JSA) procedure to identify and address potential physical hazards. It might be even more common to begin meetings with a safety message to reinforce the importance of practicing safety. Safety in OT is paramount and is not going away, but as we continue shifting into the digital revolution, we must expand the boundaries of safety and consider the “new” ways that it can be impacted. As OT is the lifeblood of our nations and the global economy, it is paramount that we weave cybersecurity into the safety fabric that underpins all of this. Safety is king. Michael Piccalo is the Director of OT/ICS Systems Engineering at Forescout Technologies . With over 25 years of experience in the cybersecurity industry, he worked on deploying some of the first firewalls protecting OT and critical infrastructure back in 2001 and served in the U.S. Air Force prior to that working in various fields including communications, intelligence, and security.

Target

How Hackers use Online Job Postings to Infiltrate Organizations

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Safety is King: Why OT Security is Mission Critical

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

How Hackers use Online Job Postings to Infiltrate Organizations

How Hackers use Online Job Postings to Infiltrate Organizations

Mapping Cybersecurity For The Distributed Web

Secure Instant Messaging Platform : The Importance of Security Algorithm in Chat Apps

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

How Hackers use Online Job Postings to Infiltrate Organizations

How Hackers use Online Job Postings to Infiltrate Organizations

Mapping Cybersecurity For The Distributed Web

Secure Instant Messaging Platform : The Importance of Security Algorithm in Chat Apps

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps