This is a summary of an article written by Rick Peters, CISO, Operational Technology, North America at Fortinet. The entire article can be accessed here.
As energy and utility companies undergo digital transformation, they face unique challenges when it comes to cybersecurity, especially in recent weeks. Because they provide critical infrastructure services, they are very attractive to cybercriminals. The majority of the core functions of these organizations occur within their operational technology (OT) networks, which were once isolated from cyberattacks. But as IT and OT environments converge, OT devices are now being targeted by threat actors that are demanding ransom, stealing trade secrets, and engaging in cyber warfare.
While these companies have vulnerabilities similar to those in other sectors, their expanded digital footprint across diverse supply chains, transportation, and delivery systems increases their risk of falling victim to cyberattacks. What’s more, many of the traditional security tools that work in other sectors simply will not work in the OT environment.
When working to address this issue, it is important to understand just how widespread the challenge is – more than half of organizations have experienced a breach in their industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems. Because of the prevalence of these cyber risks, there are several solutions that leaders must put into place to defend against these complex cyber threats.
Four Strategies for Securing OT Environments
The potential for a cyberattack on our energy and utility companies needs to be addressed by leaders in the industry, and without a moment to spare. Lack of awareness, a heightened focus on transformation without regard to security, and a spending gap have all contributed to increased risk across these critical infrastructure environments. Fortunately, thanks to mounting awareness of these threats, cybersecurity is quickly becoming a top priority for most energy and utility companies.
The question is, what can cybersecurity teams do to quickly protect their OT environments? The answer boils down to four key strategies:
- Zero Trust Network Access. All devices and all users must be scrutinized, logged, and monitored for vulnerabilities. Network access control (NAC) solutions can investigate devices for context (who, what, where, when, how), tie them to policy, control access based on role, and limit privileges to just those resources needed to do the job. Ongoing monitoring ensures devices continue to comply with policy once they have been granted access.
- Segmentation. When practicing a zero trust network access strategy, the assumption is that users, devices, and apps may have already been compromised and countermeasures must already be in place. Dynamically segmenting these devices, apps, and workflows, either at the point of access or when workflows and transactions are initiated, limits the impact of a breach.
- ICS/SCADA security. Cybersecurity teams must identify and deploy security tools that have been created expressly for the energy and utilities sector – they should be able to meet the demands of ICS/SCADA environments, function without disrupting delicate OT systems and sensors, support common protocols, and withstand the harsh physical conditions where they are often deployed.
- Business analytics. Visibility is key. A proactive security posture that handles threats at speed is essential – it must be able to make use of advanced behavioral analytics to identify abnormal behavior, quarantine offending devices, and safely detonate threats in isolation so attacks won’t impact live operations.
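To make the first, second and fourth strategies concrete, here is an added example (not code from the article or from Fortinet) of how they fit together in a single policy decision: every request is evaluated on device context (who, what, where, when, how), the zone model enforces segmentation, the role policy enforces least privilege, and a monitor quarantines a device that keeps violating policy after it has been admitted. Every zone, role, device name, protocol and timestamp below is constructed for illustration; a real NAC or OT firewall would take these inputs from authentication, posture assessment and traffic inspection rather than from literals.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed segmentation model: which zones may initiate traffic to which.
ALLOWED_FLOWS = {
    "enterprise_it": {"dmz"},
    "dmz": {"enterprise_it", "control"},
    "control": {"dmz", "field"},
    "field": {"control"},
}

# Constructed least-privilege policy: per role, the (destination zone, protocol,
# action) triples that role needs to do its job, and nothing more.
ROLE_POLICY = {
    "hmi": {("field", "modbus", "read"), ("field", "modbus", "write")},
    "historian": {("field", "modbus", "read"), ("dmz", "opcua", "read")},
    "engineering_ws": {("field", "modbus", "read"), ("field", "s7comm", "program")},
    "vendor_laptop": {("dmz", "https", "read")},
}

# Constructed: state-changing actions are only expected during this window.
MAINTENANCE_HOURS = range(6, 20)


@dataclass(frozen=True)
class Device:
    name: str
    role: str            # who / what
    zone: str            # where
    authenticated: bool  # how it proved its identity
    patched: bool        # posture check result


@dataclass(frozen=True)
class Request:
    device: Device
    dest_zone: str
    protocol: str
    action: str
    when: datetime       # when


def evaluate(req: Request):
    """Zero-trust decision: every request is checked, whatever network it comes from."""
    d = req.device
    if not d.authenticated:
        return False, "device not authenticated"
    if not d.patched:
        return False, "device failed posture check (unpatched)"
    if req.dest_zone not in ALLOWED_FLOWS.get(d.zone, set()):
        return False, f"segmentation: {d.zone} may not reach {req.dest_zone}"
    if (req.dest_zone, req.protocol, req.action) not in ROLE_POLICY.get(d.role, set()):
        return False, f"least privilege: role {d.role} may not {req.action} via {req.protocol} to {req.dest_zone}"
    if req.action in ("write", "program") and req.when.hour not in MAINTENANCE_HOURS:
        return False, "state-changing action outside maintenance window"
    return True, "allowed"


@dataclass
class Monitor:
    """Ongoing monitoring: a device that keeps violating policy after admission is quarantined."""
    max_denials: int = 3
    denials: dict = field(default_factory=dict)
    quarantined: set = field(default_factory=set)

    def observe(self, req: Request):
        name = req.device.name
        if name in self.quarantined:
            return False, "device quarantined"
        allowed, reason = evaluate(req)
        if not allowed:
            self.denials[name] = self.denials.get(name, 0) + 1
            if self.denials[name] >= self.max_denials:
                self.quarantined.add(name)
                reason += "; device quarantined"
        return allowed, reason


def run_demo():
    """Constructed traffic sample; returns [(device, allowed, reason), ...] in order."""
    day = datetime(2024, 1, 15, 10, 0)    # constructed timestamps
    night = datetime(2024, 1, 15, 22, 0)
    hmi = Device("hmi-01", "hmi", "control", True, True)
    hist = Device("historian-01", "historian", "control", True, True)
    eng = Device("eng-ws-01", "engineering_ws", "control", True, False)
    vendor = Device("vendor-laptop", "vendor_laptop", "enterprise_it", True, True)
    traffic = [
        Request(hmi, "field", "modbus", "read", day),        # normal operator read
        Request(hmi, "field", "modbus", "write", night),     # write outside window
        Request(hist, "field", "modbus", "write", day),      # historian has no write right
        Request(eng, "field", "s7comm", "program", day),     # unpatched workstation
        Request(vendor, "field", "modbus", "write", day),    # IT zone reaching field
        Request(vendor, "field", "modbus", "write", day),
        Request(vendor, "dmz", "https", "read", day),        # the one thing a vendor may do
        Request(vendor, "field", "s7comm", "program", day),  # third denial -> quarantine
        Request(vendor, "dmz", "https", "read", day),        # now blocked entirely
    ]
    mon = Monitor()
    return [(r.device.name, *mon.observe(r)) for r in traffic]


if __name__ == "__main__":
    for name, ok, why in run_demo():
        print(f"{name:14} {'ALLOW' if ok else 'DENY':5} {why}")
```

Two design points are worth noting. The segmentation check runs before the role check, so a device in the wrong zone is refused even when its role would otherwise permit the action; that is the "assume compromise" posture of the segmentation strategy. And the monitor keeps counting denials after admission rather than deciding once at connect time, which is the ongoing-compliance part of the first strategy.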
Cyber threat actors and adversaries lurk everywhere, targeting energy and utility companies with a vengeance not commonly seen in other sectors. As guardians of our critical infrastructure – including energy grids, mining and drilling operations, refineries, energy transportation and pipelines, and materials companies – the security teams who work in these organizations have an enormous challenge ahead of them. The four strategies outlined above are their building blocks for success in outmaneuvering cyber criminals seeking to harm our critical infrastructure.
Learn how Fortinet can help you extend security and maintain compliance in any ICS/SCADA-connected environment.