Stuxnet, a computer virus that targeted Iran’s nuclear infrastructure in 2010, defined a pivotal moment in cybersecurity history. This event brought on a new era of cyberattacks that initially focused on traditional IT environments. As the IT threat landscape has evolved, threat actors are looking at Operations Technology (OT) environments as a new landscape to expand their efforts. Why wouldn’t they? Many estimates tell us that the security of OT environments is 25 years behind IT security. Stuxnet exploited the false comfort of the “air gap” (computers that are not connected to the internet or to any other systems that connect to the internet), and we have seen a rapid rise over the past year in cyberattacks on OT systems that leverage similar tactics. In a recently released fact sheet[i], the Cybersecurity and Infrastructure Security Agency (CISA) highlighted the realities of ransomware threats in 2021 in relation to OT assets and industrial control systems. “Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors,” says CISA.
Attackers are no longer focused on a specific industry. The SolarWinds cyberattacks impacted at least 100 private companies and nine government agencies. A breach of a Florida water system impacted 15,000 of its city residents. The most recent Colonial Pipeline attack forced the biggest fuel pipeline in the U.S. to shut down. These attacks provide a disturbing glimpse into how cyberattacks can cause costly disruptions to critical infrastructure operations and disastrous ripple effects for our economy. As companies advance and automate their IT infrastructure, the blurring gap between information technology (IT) and operational technology (OT) systems makes it important for providers of critical infrastructure to take aggressive proactive action.
According to a study from Claroty, 56% of IT and OT security professionals at industrial enterprises have reported an increase in cybersecurity threats since the start of the pandemic, and 70% have observed cyber criminals employing new tactics in the same timeframe.[ii] For critical infrastructure organizations to effectively protect themselves and their customers, they must take a multi-pronged approach.
Five aspects of cybersecurity for critical infrastructure enterprises to consider
Good cyber hygiene for OT is similar to IT. Controls such as segmentation, firmware/software patching, multi-factor authentication (MFA), password management and asset management are all important to secure OT environments. Maintaining awareness of the problem and of the many ways your business could be vulnerable to an attack is also important. In a constantly shifting threat landscape, businesses and government agencies must be proactive in gleaning insights about recent attacks and in communicating those insights. There are many sources of insights which should not be overlooked, including advisories from the Cybersecurity & Infrastructure Security Agency (CISA)[iii].
The recent White House Executive Order (EO) released on May 12, 2021 changed the definition of a “system.” In the past, the term system referred specifically to IT systems. With the latest EO, the definition of the term system has been broadened to include OT machinery as well. Along with an established Industrial Control Systems security framework, NIST SP 800-82[iv], the EO opens all major frameworks such as NIST SP 800-53, NIST SP 800-171 and CMMC to be applicable to OT environments.
Collaboration is key to fighting cybercrime today. President Biden’s recent executive order on improving the nation’s cybersecurity[v] and related cyber summit confirm that even our highest level of government agrees with this policy. Equinix shares best practices and its experience with threats with an information sharing and analysis center that disseminates information to our customers via customer service managers. The Equinix ecosystem allows our community to share threat intelligence with peers, third-party vendors and law enforcement so that we can all be better prepared to address risks.
Researchers from Stanford University and a top cybersecurity organization found that approximately 88% of all data breaches are caused by human error.[vi] It is critical for your employees to understand that security is a shared responsibility and how they can potentially put your company at risk.
When investing in technology to anticipate, prevent, or minimize attacks, your technology investments must be well aligned with the future needs of the company. Anticipate where the company is headed, understand the risks and invest accordingly. The cost of global ransomware damage is forecast to exceed $265 billion by 2031[vii], so invest wisely.
As you make technology investments, be sure to work closely with stakeholders so that you understand the impact of your decisions on business units and they understand the urgency around protecting data and applications. Proactive threat hunting and vulnerability management are important security operations to prioritize risk mitigation. These vital operations must be done collaboratively and a comprehensive understanding of dependencies will help drive operational efficiencies and decrease response time during an attack.
How is Equinix protecting ourselves and our customers?
A robust and secure infrastructure like Platform Equinix™ is designed with security in mind – security is embedded in all of our technology tools and platforms in the planning stage. The platform ensures secure interconnection to hybrid clouds – essential when collecting OT data at the edge and sharing or migrating IoT data and workloads across multisites and multiclouds. Equinix Fabric™ shortens the distance between computing and data, giving OT full control of its data and the security perimeters around it. Since these deployments are housed within physically secure facilities and monitored continually with strict access controls, the deployment itself becomes a safeguard against intrusion.
Equinix has invested heavily in personnel, technology and processes to prevent, detect and respond to cyberattacks. We complement traditional IT security technology with deep packet inspection and other technologies more appropriate for OT environments to collect intelligence across OT, IT and physical security, and monitor how devices talk to each other to help safeguard against and anticipate risks.
Machine learning helps us automate and operationalize risk analysis and security processes, minimizing the need for manual intervention and providing insights that we use to replicate security processes across our entire footprint in every region. We share those insights, information about threats and our cybersecurity expertise with our customers, partners and with law enforcement. We also invest in a global cybersecurity awareness program for our employees to minimize the risk of human error. The program includes a phishing simulation program, cyber ambassador program, security university, role-based trainings (such as DevSecOps training), and general security awareness training.
Organizations that host critical infrastructure have a great responsibility, not only to their shareholders but to the communities that they serve. The cybersecurity landscape becomes even more complex when it crosses IT and OT environments. With awareness, collaboration, education, operational efficiencies and the right technology, you can minimize the impact of a growing security threat.
For more information about how to secure your business, read this solution brief about leveraging Honeywell’s industrial experience and proven operations technology (OT) cybersecurity expertise on Platform Equinix.
[i] CISA Fact Sheet: Rising Ransomware Threat to OT Assets
[ii] Survey Results Offer Insight into State of Industrial Cybersecurity Amid COVID-19 – Claroty, October 6, 2020
[iii] ICS-CERT Advisories | CISA
[iv] Guide to Industrial Control Systems (ICS) Security (nist.gov)
[v] Executive Order on Improving the Nation’s Cybersecurity | The White House
[vi] The Psychology of Human Error | Tessian
[vii] Global Ransomware Damage Costs To Exceed $265 Billion By 2031, EIN Presswire, June 4, 2021