Darktrace's Dave Masson on Threats Against OT Networks

The ransomware attack against Colonial Pipeline brought awareness of what critical national infrastructure really means into the public consciousness. Instead of a theoretical discussion of how information may be manipulated in the course of a cyberattack, people experienced firsthand the effects cyberattacks have in the physical world. In this latest Tech Talk, Dave Masson, director of enterprise security with Darktrace, talks about future attacks against operational technology and industrial control systems and why the threats are growing.

One reason why there will be more attacks against OT is because they are getting easier to access remotely. In the past, OT networks were for the most part isolated from the rest of the organization, and attacks required some kind of physical presence on the plant floor or being in the control room. That has changed over the past few years, with more systems accessible to the Internet or somehow connected to the organization's information technology network. Organizations see the value in being able to remotely manage OT and to run reports based on the collected data. 

IT and OT convergence is a "great thing," Masson notes, as it makes the organization more efficient, but it also "brings the entire world of cyber pain."

Efficiency is also the reason why these entities are moving, or considering moving, aspects of OT to the cloud, Masson says. The IT reasons for moving to the cloud — such as scalability and cost-savings of paying for only the amount of storage and compute capacity being used — is the same in OT.

The threat landscape is also complicated by the fact that OT is a very heterogenous environment, with many different types of systems. Some are very basic and don't have a lot of computing capabilities. Others may coordinate the activities of multiple systems. Each one handles a different task and has different capabilities. What most of them have in common is that they were not designed with security in mind and don't have the type of controls that are considered fairly standard in IT systems. In that sense, OT systems are more fragile compared to IT, Masson says.

"In the modern age, you really do need a unified view of your entire digital infrastructure, your IT and OT, whether that's on-prem or in the cloud, because if you don't, you're effectively going to have gaps," Masson says. "And where you've got gaps, that's where the threat actors will exploit the situation."