Operational Technology (OT) systems provide the industrial controls and devices that perform some of the most vital and sensitive tasks in critical infrastructure environments like power grids. One would assume that they would have the highest security controls. Unfortunately, the opposite is true.
It’s not uncommon for an OT system still in use to have been developed decades ago with little more than password protection. (And these passwords may have never been changed since they were installed by the vendor.) There’s a reason for the lack of intensive security. By their nature, OT systems are almost always operated in closed, unconnected environments, making them almost impervious to cyber threats. So much so, that until recently, most hackers haven’t even bothered trying. Besides, it is easier to “phish” into an enterprise through an organization’s IT systems.
But that moat of OT security is showing signs of weakness. Increasingly, OT systems are being connected to IT business systems through the Internet. This convergence of IT and OT is taking assets not traditionally connected to the Internet — such as assembly line machinery — and bringing them online for the first time.
The move enables enterprises to create new efficiencies by applying the intelligence of IT, AI, and Machine Learning to the physical assets of OT systems. For their part, OT environments can now use IT systems to manage complex data and information flows across networks made up of multiple OEM products, and leverage those flows to manage complex physical processes, making them more reliable and efficient than ever before.
This convergence, however, expands the attack surface and adds attack vectors into OT networks and systems, and it creates a new backdoor to connected IT systems.
On April 13, 2022, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory Alert (AA22-103A) warning that certain Advanced Persistent Threat (APT) actors have exhibited the capability to gain full system access to multiple OT, industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. SCADA is a control system architecture comprising computers, networked data communications and graphical user interfaces, and it is used in OT systems.
Cybersecurity for IT/OT Systems
Cybersecurity for IT/OT systems is best accomplished by companies that have deep experience in cybersecurity in both IT and OT systems. Hitachi is one of the few companies that has this type of experience. The skills required to integrate OT and IT are illustrated by a Smart Grid system that was recently implemented by Hitachi Energy.
Hitachi Energy serves customers in the utility industry and infrastructure sectors with innovative solutions and services to enable the digital transition towards a carbon neutral future. Hitachi Energy has a proven track record and unparalleled installed base in more than 140 countries.
Hitachi Energy has designed and implemented secure Smart Grid systems for many customers, including one of Europe’s main transmission system operators (TSO), which is responsible for developing and managing high-voltage and very high-voltage electrical transmissions throughout its country and is also the majority owner of the country’s high-voltage transmission grid.
Cybersecurity Problems are Big Data Problems
In addition to having the operational experience and technology to support critical infrastructure systems, Hitachi also has the knowledge and experience to solve cybersecurity problems with data. With the rapid adoption of mobile, cloud, big data, and the Internet of Things (IoT), the need grows to blend a larger volume and variety of data from the applications, networks and servers created by IT and OT systems.
This creates a big data problem that is hard to solve because bringing data together from different formats, at scale, is tough. Hitachi Vantara’s Pentaho Platform enables end users like forensic analysts, cybersecurity analysts and data scientists to detect cyber threats faster.
In the past year, analysts like Gartner and Forrester have issued guidance on cybersecurity for OT systems. The joint Cybersecurity Advisory Alert described above supports the real concerns raised by these analysts. Cyberattacks against OT systems, and in particular IT/OT systems, may have much larger consequences than attacks on IT systems.
OT is responsible for processes that, if breached, can cause outages of critical services that result in loss of life or disruption of social, economic or political order. Critical infrastructure, like a nation’s electrical grid, is dependent on private companies that must work together during a cyberattack. As the threats grow, manufacturers of sensitive OT devices must adopt a culture of cybersecurity that starts at the beginning of the design process and continues through to validating the resulting implementation in the final product.
Related:
Hitachi Systems Security Inc. provides teams of cybersecurity, compliance, and privacy experts that have been helping companies in more than 50 countries secure their critical data and strengthen their cybersecurity posture to protect against security breaches, data leaks, and intrusions. The company provides risk assessment or penetration testing of OT environments. Read their take on OT Cybersecurity.
Hu Yoshida
Hu Yoshida spent 24 years at Hitachi Vantara helping define technical direction and enabling customers to address their digital transformation needs. He is widely known in the industry and was instrumental in evangelizing Hitachi's unique approach to storage virtualization.