URL: https://www.armis.com/blog/ot-security-goes-beyond-the-plc/
Submission: On July 07 via manual from US — Scanned from DE

JUN 14, 2024


OT SECURITY GOES BEYOND THE PLC

BY MICHAEL ROTHSCHILD

Senior Director, Product Marketing



The threats that target Operational Technology (OT) are reshaping industries and
expanding the attack surface. They expose critical infrastructure and
manufacturing environments to heightened cybersecurity risks that were not a
concern when these environments were first designed. To truly secure OT, it is
essential to understand the intricacies of critical infrastructure, the
associated security challenges, and the best practices for safeguarding these
systems.


THE OT MARKET

The OT market has seen substantial growth in recent years. According to
Grand View Research, the OT market was valued at USD 190.95 billion in 2023 and
is projected to grow at a compound annual growth rate (CAGR) of 10% from 2024 to
2030. This growth is driven by the increased adoption of automation and smart
technologies across various sectors, including manufacturing, energy, and
transportation. The expansion of the OT market underscores the need for robust
and comprehensive security measures to protect these critical systems.


THREAT LANDSCAPE

ATTACK VECTORS

OT environments are increasingly targeted by a diverse array of threat actors,
including hackers, insiders, cybercriminals, terrorists, and nation-states. The
appeal of OT systems as targets lies in their potential to cause massive
disruption. These attacks can halt production lines, disrupt supply chains, and
compromise safety systems, leading to significant economic and operational
impacts.

CRITICAL INFRASTRUCTURE AT RISK

Critical infrastructure sectors, often referred to as the “CISA 16,” include
essential services such as electricity, water, transportation, and healthcare.
These sectors are vital to societal functioning and are thus prime targets for
cyberattacks. Disruptions in these areas can have far-reaching consequences,
affecting not only the targeted organizations but also the broader population.


SECURITY CHALLENGES IN OT ENVIRONMENTS

UNIQUE CHARACTERISTICS OF OT SYSTEMS

OT systems, including actuators, robots, and programmable logic controllers
(PLCs), are distinct from typical IT assets. Major manufacturers of OT assets
include companies like ABB, Honeywell, and Yokogawa, each using unique protocols
and standards. Unlike IT systems, OT systems are often designed for long
lifespans and may run outdated software, making them more vulnerable to cyber
threats.

AIR-GAPPED VS. CONVERGED ENVIRONMENTS

 1. Air-Gapped Environments: These environments are designed to be completely
    isolated from external networks, theoretically preventing cyber intrusions.
    However, maintaining true isolation requires the equivalent of a massive
    Faraday cage to eliminate every accidental convergence scenario (see the
    accidental convergence scenarios below). Despite these efforts,
    sophisticated attack vectors can still reach air-gapped systems through
    indirect means, such as physical media or electromagnetic emissions.
 2. Converged Environments: These integrate IT and OT systems, facilitating data
    flow and operational efficiency. While beneficial, this integration also
    introduces new security challenges, as IT and OT assets share a common
    network. This convergence blurs the boundaries between IT and OT, creating a
    more complex security landscape where vulnerabilities in IT can affect OT
    systems and vice versa.

ACCIDENTAL CONVERGENCE SCENARIOS

Despite air-gapping efforts, sophisticated attack vectors have emerged,
including:

 * FM Frequency Signals: Malicious actors can transmit data between computers
   and mobile phones using FM frequencies, bypassing traditional network
   security measures.
 * Thermal Communication Channels: Heat emissions from computers can be used to
   transmit data to nearby devices, exploiting temperature variations to encode
   information.
 * Cellular Frequencies: Cellular networks can be exploited to infiltrate
   isolated systems, leveraging mobile devices as a bridge to secure
   environments.
 * Near-Field Communication (NFC): NFC technology, commonly used for contactless
   payments, can be manipulated to breach security protocols in OT environments.
 * LED Light Pulses: Variations in LED light pulses in OT equipment can be
   exploited to transmit data, exposing critical systems to malicious activity.


THE COMMONALITY OF THE BREACH

The majority of OT-based breaches actually start with a beachhead that the
attacker establishes by compromising an IT-based device and then moving
laterally to the OT side of the house. The following recent attacks are just a
few examples; they are far from the only ones:

 1. Colonial Pipeline (2021): This ransomware attack targeted the pipeline’s IT
    systems, leading to a precautionary shutdown of the pipeline operations. The
    attack targeted the “third network”, and the actual pipeline was shut down
    out of an abundance of caution.
 2. Volt Typhoon (2023): A China-backed cyber espionage group compromised IT
    systems across multiple critical infrastructure sectors in the United
    States. This included communications, energy, transportation, and water
    systems, demonstrating the pervasive threat to national security.
 3. Muleshoe Water Filtration Plant (2023): A cyber intrusion led to the
    overflow of a water tank in a small Texas town, illustrating the
    vulnerability of local infrastructure via a remote-access, IT-based device.
 4. Australian Seaports (2023): A ransomware attack on four major Australian
    seaports caused significant disruptions, forcing a week-long shutdown that
    impacted imports and exports.
 5. Synnovis Pathology Lab (2024): A ransomware attack disrupted diagnostic
    services at a prominent pathology lab in London, delaying medical care for
    patients and highlighting the direct impact of cyberattacks on healthcare
    delivery.


BEST PRACTICES FOR SECURING IT AND OT

COMPREHENSIVE ASSET INVENTORY

Maintaining a detailed inventory of all IT, OT, IoT, and IoMT devices is
crucial. This inventory should include physical, virtual, managed, and unmanaged
assets. A comprehensive asset inventory helps organizations understand their
attack surface and implement targeted security measures. It also aids in
identifying and mitigating risks associated with outdated or unsupported
devices.

IMPLEMENTING RESILIENCE AND COMPENSATING CONTROLS

Adopt a multi-layered security approach, ensuring that compensating controls are
in place to mitigate risks. Security measures should be dynamic and adaptable to
the evolving threat landscape. This includes a cooperative approach involving
the entire security stack, which includes but is not limited to access
controls, intrusion detection systems (IDS), intrusion prevention systems (IPS),
and network segmentation to isolate critical systems and prevent lateral
movement of threats.

REGULATORY COMPLIANCE AND SECURITY FRAMEWORKS

While regulatory compliance (e.g., NIST, NERC) is essential, it should be viewed
as the baseline. Organizations should also adhere to comprehensive security
frameworks such as MITRE ATT&CK and follow guidance from the Cybersecurity and
Infrastructure Security Agency (CISA). These frameworks provide a structured
approach to identifying, mitigating, and responding to security threats.

HOLISTIC SECURITY APPROACH

Avoid siloed security operations. Ensure that OT security practices can address
broader IT security concerns. Even in air-gapped environments, a holistic view
is necessary as IT devices often co-exist with OT systems. This includes
integrating IT and OT security teams, sharing threat intelligence, and
coordinating incident response efforts.

COMMUNITY COLLABORATION AND INCIDENT REPORTING

Engage with the security community to share knowledge and best practices.
Participate in industry forums, information-sharing groups, and collaborative
initiatives. Encourage a culture of transparency and vigilance, where anomalies
and potential threats are promptly reported and addressed. Leveraging the
collective knowledge of the security community can enhance an organization’s
ability to detect and respond to emerging threats.

DETAILED INCIDENT RESPONSE PLANNING

Develop and maintain a detailed incident response plan that includes procedures
for both IT and OT environments. This plan should outline roles and
responsibilities, communication protocols, and steps for containment,
eradication, and recovery. Regularly test and update the incident response plan
through drills and simulations to ensure preparedness for real-world scenarios.

CONTINUOUS AND PROACTIVE MONITORING AND THREAT HUNTING

Implement continuous monitoring of IT and OT networks to detect and respond to
suspicious activity in real time. Utilize advanced detection technologies, such
as machine learning and artificial intelligence, to identify anomalies and
potential threats while they are still taking shape. Conduct regular
threat-hunting exercises to proactively search for indicators of compromise
(IoCs) and vulnerabilities within the environment.


IN SUMMARY

Whether your organization maintains an air-gapped environment or believes that
integration of IT and OT systems is inevitable and beneficial, both require a
robust and adaptable security strategy to protect against sophisticated and
evolving cyber threats. By understanding the unique challenges of OT
environments and implementing best practices, organizations can safeguard their
critical infrastructure and ensure operational resilience.
