Securing your IoT devices is more important than ever, especially if your critical infrastructure is tied to industrial control systems.
Are cyberattacks on critical infrastructure the “new normal”?
As critical infrastructure—like water, electric power grids, natural gas distribution and healthcare systems—become more connected to industrial control systems (ICS) and the Internet of Things (IoT), the cyberattack surface has begun to expand rapidly. In fact, the 2020 World Economic Forum’s Global Risks Report 2020 listed cyberattacks on critical infrastructure as a top concern, noting that “attacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation.”
One reason why critical infrastructure and industrial control systems have become more vulnerable recently is due to the fact that hackers and bad actors have gained a deeper understanding of these control systems and ways to exploit critical infrastructure assets with weaponized malware. The recent SolarWinds cyberattack is just one recent example of this, and should put any organization on high alert if their critical infrastructure and industrial control systems interact.
Why are industrial control systems more vulnerable today?
Because industrial control systems have been connected to enterprise networks and to those providing remote support, the typical ICS environment is no longer the impenetrable, air-gapped network it was once thought to be. Attackers can now find their way into operational technology (OT) environments through newly connected devices and converging networks.
Threats against industrial control systems and OT have increased threefold in the past year, and that figure could grow dramatically as more devices and sensors connect to the IoT. In fact, The McKinsey Global Institute estimates that 127 new devices connect to the internet every second. As digital transformation drives OT and information technology (IT) teams to be more independent, controlling risks by enforcing strict security policies and building secure infrastructures is more important than ever. While the data lost in a cyberattack can be restored, lost production time can cost organizations millions.
What steps should I take to protect my assets?
The explosive growth of devices connected to the IoT can make protecting critical ICS, OT and IT systems from cybersecurity threats a challenge, as they all have unique operational frameworks, access points, and legacy systems behind them. Newly integrated hardware and software combined with the growing number of sensors are redefining surface attack opportunities for hackers and cybercriminals across all critical infrastructure.
So, how should we address this threat? To start, organizations should be sure to implement a comprehensive IoT security approach that secures IT, OT and ICS environments. This approach should be able to:
- Provide a complete inventory of all IT and OT devices
- Identify risks associated with each device on your network
- Monitor each device’s behavior and communication patterns
- Send alerts about potential policy and security violations
Mitigating these threats requires implementing a comprehensive risk framework to address vulnerabilities in OT/IT convergence, including zero-trust architectures to combat cyberattacks. It is also important to apply and enforce industry security protocols, especially related to Supervisory Control and Data Acquisition (SCADA).
If your organization needs to secure your IT, OT or ICS assets or would like guidance on securing the IoT solutions you already have in place, be sure to contact us, visit siriuscom.com/IOT for more information, or call 800-460-1237.
