
In an evolving cyber threat landscape, how do you develop Operational Technology (OT) resilience?

As cyber risks at the intersection of IT and Operational Technology (OT) grow, organizations should focus on ways to build resilience now.


In brief

  • In light of the evolving cyber threat landscape, companies need to build resilience against cyberattacks.
  • Besides IT, cybersecurity must also cover OT processes, activities and assets, and organizations must work with the relevant stakeholders to align goals and expectations.
  • Building resilience involves addressing weaknesses, fostering a culture of cybersecurity and applying appropriate cybersecurity rules.

In today’s rapidly changing cybersecurity landscape, embarking on a business resilience journey is essential. The evolving nature of cyber threats demands proactive measures to assess vulnerabilities, implement robust security measures and adapt swiftly. Neglecting the interdependencies between IT and Operational Technology (OT), resilience and essential security measures can lead to financial losses, reputational damage and loss of customer trust.

Over the past decade, the evolving OT attack landscape has seen an expansion of common attacks originating from IT networks. At the intersection of OT and IT, these attacks have an escalating impact that goes beyond temporary downtime, triggering a cascade of significant financial and other consequences.

In May 2021, a major pipeline system for refined oil products in the US was hit by a ransomware attack. It suffered six days of downtime, triggering widespread gasoline shortages in the Northeast USA.

[Figure: Swiss attacks. Cyber incident reports received in the second half of 2022]

Ransomware attacks have witnessed a significant surge in both quantity and impact, establishing themselves as a major cause of concern in the cybersecurity landscape. In its report for the second half of 2022, the Swiss National Cybersecurity Centre (NCSC) recorded 54 incident reports related to ransomware attacks. Disruptive attacks such as these have had a significant impact on vital sectors such as food and beverages, healthcare, transportation and energy.

Cyberattacks on OT highlight the critical importance of business continuity and resilience in safeguarding critical systems and ensuring the continued operation of vital services. Organizations must prioritize these aspects to minimize the impact of cyber threats and maintain the stability and functionality of their operations. 


Building resilience in the OT world requires more than just supporting IT. It is crucial to consider various interconnected pillars that collectively contribute to effective business resilience. While IT is important, other pillars such as infrastructure, people, suppliers, premises, legal & compliance, finance and communications also play vital roles.

In our work with clients, we observe common obstacles on the journey toward building resilience, such as:

  • Unclear understanding of potential risks
  • Unidentified key processes and procedures
  • Unclear understanding of business needs regarding the recovery of IT/OT applications
  • Unawareness of risks and interdependencies with third parties
  • Unpreparedness for a disruptive event
  • Lack of threat intelligence

Knowing your vulnerabilities, identifying risks and being prepared before an attack occurs are key elements on any business resilience journey. By understanding and acknowledging the weaknesses within your organization, you can proactively assess potential threats and vulnerabilities.

As each organization is different, it is important to establish a customized business resilience program that meets your specific needs. Based on our experience, these are some key steps you can take to work out your focus areas and improve resilience: 

By considering these aspects and fostering a holistic approach to resilience, organizations can strengthen their ability to withstand disruptions, recover quickly and maintain operational continuity in the dynamic IT/OT environment.


Of course, it’s also important to keep in mind general cybersecurity rules for OT to protect your organization from cyberattack, such as:

  • Network separation and segmentation: implementing network segmentation helps isolate critical OT systems from other networks, reducing the attack surface and limiting the potential spread of threats.
  • Regular system updates and patching: this helps to protect against known vulnerabilities and reduces the risk of successful attacks. For obsolete systems that cannot be patched but are still in use, compensating measures such as isolation are necessary.
  • Secure remote access: implement secure remote access solutions for OT systems, ensuring that remote connections are encrypted and authenticated. Good practice is to establish a secure method of remote access for OT vendors, including a VPN connection, traffic filtering by an IT/OT firewall and a jump station located in the IT/OT DMZ with multifactor authentication, separate from other production networks.
  • Network security monitoring based on an industrial intrusion detection system (IDS) inside the OT network: the architecture of the IDS solution should ensure that the network’s most critical traffic is monitored (e.g., between OT and external networks, between OT VLANs and within OT VLANs).
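The four rules above can be expressed as a policy and checked against observed traffic, which is also what an industrial IDS placed at the zone boundaries would see. The following is an added example, not code from the article or its authors: it models constructed zones (corporate IT, an IT/OT DMZ with a jump station, an OT supervisory zone and an OT control zone), evaluates constructed flow records against the segmentation and remote-access rules, and lists the zone pairs an IDS deployment would need to cover. All addresses, hosts, ports and flows are constructed for illustration; the port allowlists are assumptions about which industrial protocols a given site uses.

```python
"""Segmentation and remote-access policy check over constructed flow records.

Added example (not from the original article). Zones, hosts, ports and
flows below are all constructed; adapt them to the real site inventory.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone model: each zone is one prefix; anything unmatched is INTERNET.
ZONES = {
    "IT": ip_network("10.10.0.0/16"),
    "DMZ": ip_network("10.20.0.0/24"),
    "OT_SUPERVISORY": ip_network("192.168.10.0/24"),
    "OT_CONTROL": ip_network("192.168.20.0/24"),
}
OT_ZONES = {"OT_SUPERVISORY", "OT_CONTROL"}
JUMP_HOST = ip_address("10.20.0.10")       # constructed jump station in the IT/OT DMZ

REMOTE_ACCESS_PORTS = {22, 3389, 5900}     # SSH, RDP, VNC
INDUSTRIAL_PORTS = {102, 502, 20000, 44818}  # assumed allowlist: S7comm, Modbus/TCP, DNP3, EtherNet/IP


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(addr: str) -> str:
    """Map an address to its zone; unknown addresses are treated as external."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "INTERNET"


def check_flow(flow: Flow) -> list[str]:
    """Return one finding per policy rule the flow violates (empty list if compliant)."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    findings = []
    # Rule: IT may only reach OT through the DMZ, never directly.
    if src_zone == "IT" and dst_zone in OT_ZONES:
        findings.append("IT-to-OT connection bypasses the IT/OT DMZ")
    # Rule: nothing external may reach OT directly.
    if src_zone == "INTERNET" and dst_zone in OT_ZONES:
        findings.append("external source reaches OT directly")
    # Rule: remote administration into OT must originate from the DMZ jump station.
    if (dst_zone in OT_ZONES and src_zone not in OT_ZONES
            and flow.dport in REMOTE_ACCESS_PORTS and ip_address(flow.src) != JUMP_HOST):
        findings.append("remote access into OT not originating from the DMZ jump station")
    # Rule: OT hosts do not initiate connections to the internet.
    if src_zone in OT_ZONES and dst_zone == "INTERNET":
        findings.append("OT host initiates outbound connection to the internet")
    # Rule: supervisory-to-control traffic is limited to the industrial protocol allowlist.
    if (src_zone == "OT_SUPERVISORY" and dst_zone == "OT_CONTROL"
            and flow.dport not in INDUSTRIAL_PORTS):
        findings.append("non-industrial protocol into the control zone")
    return [f"{flow.src}->{flow.dst}:{flow.dport}/{flow.proto} [{src_zone}->{dst_zone}] {f}"
            for f in findings]


def evaluate(flows: list[Flow]) -> list[str]:
    """Evaluate every flow and collect all findings."""
    return [finding for flow in flows for finding in check_flow(flow)]


def monitoring_points(flows: list[Flow]) -> set[tuple[str, str]]:
    """Zone pairs touching OT that appeared in traffic: the paths an IDS must cover."""
    pairs = {(zone_of(f.src), zone_of(f.dst)) for f in flows}
    return {p for p in pairs if p[0] in OT_ZONES or p[1] in OT_ZONES}


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "192.168.20.7", 502),        # IT workstation talks Modbus to a PLC directly
    Flow("203.0.113.45", "192.168.10.20", 3389),    # vendor on the internet RDPs to an HMI
    Flow("10.20.0.10", "192.168.10.20", 3389),      # jump station RDPs to the same HMI (compliant)
    Flow("192.168.10.20", "192.168.20.7", 502),     # HMI polls PLC over Modbus (compliant)
    Flow("192.168.20.7", "198.51.100.9", 443),      # PLC zone host calls out to the internet
    Flow("192.168.10.20", "192.168.20.7", 445),     # SMB from HMI into the control zone
    Flow("192.168.10.50", "10.20.0.20", 1433),      # historian replicates to the DMZ (compliant)
]

if __name__ == "__main__":
    for line in evaluate(SAMPLE_FLOWS):
        print(line)
    print("IDS coverage needed for zone pairs:", sorted(monitoring_points(SAMPLE_FLOWS)))
```

Running the script lists five findings for the sample traffic and six OT-related zone pairs, which is the kind of evidence that shows whether sensor placement actually covers the OT/external, inter-VLAN and intra-VLAN paths the article names.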

Summary

Understanding and addressing potential risks across key OT processes, activities and assets is a vital first step in building resilience. At the same time, fostering a cybersecurity culture and communicating with stakeholders is important to align expectations and enable an ongoing journey in a shifting risk landscape.

Acknowledgements

We thank Iuliia Simonova, Natalia Studer, Maxine Moleman and Tsiory Razafindrazaka for their valuable contribution to this article.

