https://www.armis.com/blog/ot-security-goes-beyond-the-plc/
Submission: On July 07 via manual from US — Scanned from DE
OT SECURITY GOES BEYOND THE PLC

JUN 14, 2024
BY MICHAEL ROTHSCHILD, Senior Director, Product Marketing

The threats that target Operational Technology (OT) are reshaping industries and expanding the attack surface. They expose critical infrastructure and manufacturing environments to heightened cybersecurity risks that may not have been a concern when these environments were first designed. To truly secure OT, it is essential to understand the intricacies of critical infrastructure, the associated security challenges, and the best practices for safeguarding these systems.

THE OT MARKET

The OT market has seen substantial growth in recent years. According to Grandview Research, the OT market was valued at USD 190.95 billion in 2023 and is projected to grow at a compound annual growth rate (CAGR) of 10% from 2024 to 2030. This growth is driven by the increased adoption of automation and smart technologies across sectors including manufacturing, energy, and transportation. The expansion of the OT market underscores the need for robust and comprehensive security measures to protect these critical systems.

THREAT LANDSCAPE

ATTACK VECTORS

OT environments are increasingly targeted by a diverse array of threat actors, including hackers, insiders, cybercriminals, terrorists, and nation-states. The appeal of OT systems as targets lies in their potential to cause massive disruption. Attacks can halt production lines, disrupt supply chains, and compromise safety systems, leading to significant economic and operational impacts.

CRITICAL INFRASTRUCTURE AT RISK

Critical infrastructure sectors, often referred to as the "CISA 16," include essential services such as electricity, water, transportation, and healthcare. These sectors are vital to societal functioning and are therefore prime targets for cyberattacks. Disruptions in these areas can have far-reaching consequences, affecting not only the targeted organizations but also the broader population.

SECURITY CHALLENGES IN OT ENVIRONMENTS

UNIQUE CHARACTERISTICS OF OT SYSTEMS

OT systems, including actuators, robots, and programmable logic controllers (PLCs), are distinct from typical IT assets. Major manufacturers of OT assets include companies such as ABB, Honeywell, and Yokogawa, each using their own protocols and standards. Unlike IT systems, OT systems are often designed for long lifespans and may run outdated software, making them more vulnerable to cyber threats.

AIR-GAPPED VS. CONVERGED ENVIRONMENTS

1. Air-Gapped Environments: These environments are designed to be completely isolated from external networks, theoretically preventing cyber intrusions. However, maintaining true isolation requires the equivalent of a massive Faraday cage to eliminate all accidental convergence scenarios (see callout box). Despite these efforts, sophisticated attack vectors can still reach air-gapped systems through indirect means, such as physical media or electromagnetic emissions.

2. Converged Environments: These integrate IT and OT systems, facilitating data flow and operational efficiency. While beneficial, this integration also introduces new security challenges, as IT and OT assets share a common network. This convergence blurs the boundaries between IT and OT, creating a more complex security landscape in which vulnerabilities in IT can affect OT systems and vice versa.

ACCIDENTAL CONVERGENCE SCENARIOS

Despite air-gapping efforts, sophisticated attack vectors have emerged, including:

* FM Frequency Signals: Malicious actors can transmit data between computers and mobile phones using FM frequencies, bypassing traditional network security measures.
* Thermal Communication Channels: Heat emissions from computers can be used to transmit data to nearby devices, exploiting temperature variations to encode information.
* Cellular Frequencies: Cellular networks can be exploited to infiltrate isolated systems, leveraging mobile devices as a bridge into secure environments.
* Near-Field Communication (NFC): NFC technology, commonly used for contactless payments, can be manipulated to breach security protocols in OT environments.
* LED Light Pulses: Variations in LED light pulses on OT equipment can be exploited to transmit data, exposing critical systems to malicious activity.

THE COMMONALITY OF THE BREACH

The majority of OT-based breaches actually start with a beachhead achieved by compromising an IT-based device, after which the attacker moves laterally to the OT side of the house. The following recent attacks are just a few examples, and they are not the only ones:

1. Colonial Pipeline (2021): This ransomware attack targeted the pipeline's IT systems, leading to a precautionary shutdown of pipeline operations. The attack hit the "third network," and the actual pipeline was shut down out of an abundance of caution.

2. Volt Typhoon (2023): A China-backed cyber espionage group compromised IT systems across multiple critical infrastructure sectors in the United States, including communications, energy, transportation, and water systems, demonstrating the pervasive threat to national security.

3. Muleshoe Water Filtration Plant (2023): A cyber intrusion led to the overflow of a water tank in a small Texas town, illustrating the vulnerability of local infrastructure through a remote-access, IT-based device.

4. Australian Seaports (2023): A ransomware attack on four major Australian seaports caused significant disruptions, forcing a week-long shutdown that impacted imports and exports.

5. Synnovis Pathology Lab (2024): A ransomware attack disrupted diagnostic services at a prominent pathology lab in London, delaying medical care for patients and highlighting the direct impact of cyberattacks on healthcare delivery.

BEST PRACTICES FOR SECURING IT AND OT

COMPREHENSIVE ASSET INVENTORY

Maintaining a detailed inventory of all IT, OT, IoT, and IoMT devices is crucial. This inventory should include physical, virtual, managed, and unmanaged assets. A comprehensive asset inventory helps organizations understand their attack surface and implement targeted security measures. It also aids in identifying and mitigating risks associated with outdated or unsupported devices.

IMPLEMENTING RESILIENCE AND COMPENSATING CONTROLS

Adopt a multi-layered security approach, ensuring that compensating controls are in place to mitigate risks. Security measures should be dynamic and adaptable to the evolving threat landscape. This includes a cooperative approach involving the entire security stack, including but not limited to access controls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and network segmentation to isolate critical systems and prevent lateral movement of threats.

REGULATORY COMPLIANCE AND SECURITY FRAMEWORKS

While regulatory compliance (e.g., NIST, NERC) is essential, it should be viewed as the baseline. Organizations should also adhere to comprehensive security frameworks such as MITRE ATT&CK and follow guidance from the Cybersecurity and Infrastructure Security Agency (CISA). These frameworks provide a structured approach to identifying, mitigating, and responding to security threats.

HOLISTIC SECURITY APPROACH

Avoid siloed security operations. Ensure that OT security practices can address broader IT security concerns. Even in air-gapped environments, a holistic view is necessary, as IT devices often co-exist with OT systems. This includes integrating IT and OT security teams, sharing threat intelligence, and coordinating incident response efforts.

COMMUNITY COLLABORATION AND INCIDENT REPORTING

Engage with the security community to share knowledge and best practices. Participate in industry forums, information-sharing groups, and collaborative initiatives. Encourage a culture of transparency and vigilance in which anomalies and potential threats are promptly reported and addressed. Leveraging the collective knowledge of the security community can enhance an organization's ability to detect and respond to emerging threats.

DETAILED INCIDENT RESPONSE PLANNING

Develop and maintain a detailed incident response plan that includes procedures for both IT and OT environments. This plan should outline roles and responsibilities, communication protocols, and steps for containment, eradication, and recovery. Regularly test and update the incident response plan through drills and simulations to ensure preparedness for real-world scenarios.

CONTINUOUS AND PROACTIVE MONITORING AND THREAT HUNTING

Implement continuous monitoring of IT and OT networks to detect and respond to suspicious activity in real time. Utilize advanced deception technologies, such as machine learning and artificial intelligence, to identify anomalies and potential threats while they are still in the formulation stage. Conduct regular threat-hunting exercises to proactively search for indicators of compromise (IoCs) and vulnerabilities within the environment.

IN SUMMARY

Whether your organization maintains an air-gapped environment or believes that integration of IT and OT systems is inevitable and beneficial, both require a robust and adaptable security strategy to protect against sophisticated and evolving cyber threats. By understanding the unique challenges of OT environments and implementing best practices, organizations can safeguard their critical infrastructure and ensure operational resilience.

© 2024 Armis Inc. All Rights Reserved.