
Threat Intelligence

02:00 PM
John Livingston

COVID-19 Creates Opening for OT Security Reform

Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.

It appears COVID-19 will dramatically impact the economy – and our work life – at least until a vaccine is discovered. In this crisis mode, operators have needed to reduce onsite personnel, putting greater strain on the limited resources at the plant and requiring an increase in external connectivity for those working remotely.

At the same time, cases of ransomware and vulnerabilities associated with industrial control systems are growing rapidly. Both the National Security Agency and Cybersecurity and Infrastructure Security Agency recently released alerts on the significant increase in cyberattacks on critical infrastructure. The air-gap (if it ever truly existed) is now gone.


The challenges of industrial control systems (ICS) and operations technology (OT) cybersecurity are well-known: sensitive devices, limited resources, risk to operations, and the oft-repeated question of "Why bother, if we aren't connected to the Internet?" to name a few. But the crisis opens the door to new possibilities. No longer is the air-gap argument realistic. OT and ICS endpoints are clearly at risk, yet asset visibility and security are also now feasible. How do you avoid wasting the opportunity that comes from this crisis?

Below is a four-step guide that security leaders can follow to significantly change the direction of OT security so that as we emerge from the pandemic, entire systems will be more secure and efficient processes will be created to keep them that way.

Step 1: Don't Settle 
It's tempting to settle for near-term fixes to immediate problems during a crisis. As COVID-19 requires more operations personnel to work remotely, that "near-term fix" is secure remote access. Over the past six months, the demand for these solutions has doubled within our client base. However, secure remote access alone is insufficient. 

Achieving security requires perimeter protection, but endpoint protection within the perimeter is also crucial. Patching, user and account management, software and configuration management, and similar controls are necessary parts of securing the industrial environment. This crisis offers an opportunity for security leaders to break through the former reaction of "We aren't connected," and push to apply more comprehensive security management across the OT environment.

Step 2: Leverage Security to Enable Business Operational Outcomes 
Expanding remote plant support is usually an agonizingly slow process, but COVID-19 has caused a five-to-ten-year acceleration in its pace. However, many of the technology and security initiatives required to safely enable the shift have yet to be implemented. Now is the opportunity to help deliver business outcomes and increase security maturity simultaneously. There are many ways that the foundational elements of security management can improve the efficiency and reliability of remote plant operations.

Two examples include centralized asset visibility and automated security management. Centralized asset visibility enables proactive identification of operational and security risks. When customers use Verve to aggregate all of their asset information, they are able to monitor for potential operating issues on those devices, e.g., HMIs that are running low on storage; network switches that are starting to overload or slow down; operator consoles that are regularly bluescreening because of outdated or unnecessary software in place; etc. Although these issues are operational in nature, the platform designed to identify "security-specific" flaws – including vulnerabilities, missing patches, and risky configurations – can also identify operational errors to reduce potential downtime.

Automation included in security management can significantly improve operators' efficiency. If implemented correctly with a "Think global, act local" approach, actions can be designed centrally, with plant personnel controlling automation to ensure actions only happen at the right time and after the right sequence of testing. Our clients regularly save 40%+ in labor from having operator-controlled automation, accomplishing actions that normally take four weeks in merely a few hours.

Step 3: Make a One-Time, Step-Function Increase in OT Security
Conducting OT vulnerability assessments over the last decade, we consistently discovered thousands of missing patches, insecurely configured assets, dozens of shared and/or dormant accounts, unused and risky ports and services, etc. In every case, a one-time clean-up is needed to create a step-change improvement and create a new baseline in security maturity. Now is a great time for this reset. 

Protective elements such as layering compensating controls where patches cannot be deployed, ensuring devices that are insecure by design – including many legacy OT devices – are not directly connected to the external network, and hardening configuration settings can reduce the need for "whack-a-mole" when a new vulnerability is announced. We have seen our clients save 30% of the labor requirements of remediation by taking these actions.
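The two ideas above, a centralized asset inventory that surfaces operational issues (Step 2) and a one-time assessment that finds missing patches, shared or dormant accounts, risky services and insecure-by-design devices exposed to external networks (Step 3), can be illustrated with a small triage script. The following is an added example written for this page, not Verve's product code: it runs over a constructed inventory of three assets and produces prioritized findings in those categories. The asset names, field names, thresholds (10% free disk, 90 days dormancy) and the list of "risky" services are all assumptions chosen for illustration.

```python
"""Triage a centralized OT asset inventory (added example, not the article's or Verve's code).

The inventory below is constructed for illustration; a real platform would
aggregate these records from endpoint agents, switches and passive monitoring.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample inventory -- not real assets, names are placeholders.
INVENTORY = [
    {
        "name": "HMI-01", "kind": "hmi", "disk_free_pct": 4,
        "missing_patches": ["PATCH-PLACEHOLDER-1", "PATCH-PLACEHOLDER-2"],
        "accounts": [
            {"user": "operator", "shared": True, "days_since_login": 1},
            {"user": "vendor_tmp", "shared": False, "days_since_login": 400},
        ],
        "open_services": ["rdp", "smb", "telnet"],
        "insecure_by_design": False, "external_reachable": False,
    },
    {
        "name": "PLC-07", "kind": "plc", "disk_free_pct": None,
        "missing_patches": [], "accounts": [],
        "open_services": ["modbus"],
        "insecure_by_design": True, "external_reachable": True,
    },
    {
        "name": "ENG-WS-02", "kind": "workstation", "disk_free_pct": 55,
        "missing_patches": [],
        "accounts": [{"user": "engineer1", "shared": False, "days_since_login": 3}],
        "open_services": ["rdp"],
        "insecure_by_design": False, "external_reachable": False,
    },
]

LOW_DISK_PCT = 10                           # assumed operational threshold
DORMANT_DAYS = 90                           # assumed dormancy threshold
RISKY_SERVICES = {"telnet", "smb", "ftp"}   # assumed legacy/cleartext services
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    asset: str
    category: str   # operational | patch | account | service | exposure
    severity: str   # high | medium | low
    detail: str


def assess_asset(asset: dict) -> List[Finding]:
    """Return every finding for one asset record."""
    name = asset["name"]
    out: List[Finding] = []

    # Operational risk: an HMI or console running out of storage.
    free: Optional[int] = asset.get("disk_free_pct")
    if free is not None and free < LOW_DISK_PCT:
        out.append(Finding(name, "operational", "medium", f"only {free}% disk free"))

    # Missing patches; worse when the device is reachable from outside.
    if asset["missing_patches"]:
        sev = "high" if asset["external_reachable"] else "medium"
        out.append(Finding(name, "patch", sev, f"{len(asset['missing_patches'])} patches missing"))

    # Shared accounts break accountability; dormant ones are likely forgotten.
    for acct in asset["accounts"]:
        if acct["shared"]:
            out.append(Finding(name, "account", "medium", f"shared account '{acct['user']}'"))
        if acct["days_since_login"] > DORMANT_DAYS:
            out.append(Finding(name, "account", "high",
                               f"dormant account '{acct['user']}' ({acct['days_since_login']} days)"))

    # Legacy or cleartext services that the clean-up should disable.
    for svc in asset["open_services"]:
        if svc in RISKY_SERVICES:
            out.append(Finding(name, "service", "high", f"risky service '{svc}' exposed"))

    # Insecure-by-design device directly reachable from an external network.
    if asset["insecure_by_design"] and asset["external_reachable"]:
        out.append(Finding(name, "exposure", "high",
                           "insecure-by-design device reachable externally; segment it"))
    return out


def assess_inventory(inventory: List[dict]) -> List[Finding]:
    """Run the assessment across every asset in the aggregated inventory."""
    return [f for asset in inventory for f in assess_asset(asset)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, the baseline the clean-up is measured against."""
    return dict(Counter(f.category for f in findings))


def prioritized(findings: List[Finding]) -> List[Finding]:
    """Order findings so the one-time clean-up starts with the highest severity."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.asset))


if __name__ == "__main__":
    results = assess_inventory(INVENTORY)
    print("baseline:", summarize(results))
    for f in prioritized(results):
        print(f"[{f.severity:6}] {f.asset:10} {f.category:12} {f.detail}")
```

The summary dictionary is the "new baseline" the article refers to: re-running the same assessment after the clean-up, and again on a schedule, shows whether the step-change held or whether findings are creeping back.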

Step 4: Bring OT Personnel Onto Security Teams
Industrial companies also have the opportunity to reshape security leadership, especially as remote work has perhaps freed up some plant responsibilities of OT personnel. Our industrial clients have seen great success in shifting OT heads into cybersecurity leadership roles. For example, the OT leader of a Fortune 500 client, who is now the head of cybersecurity architecture across both OT and IT, brought a unique perspective to the problem and developed truly creative solutions, achieving efficient and effective security through combined IT/OT management.

The disruption caused by COVID-19 has created a window where resources are now shifting, uncertainty exists, and new models are possible. Let's not waste this opportunity to emerge from the crisis even smarter, more secure, and more efficient than before.


John leads Verve Industrial Protection's mission to protect the world's infrastructure. He brings 20+ years of experience from McKinsey & Co., advising large companies in strategy and operations. Recognizing the challenges of greater industrial connectivity, John joined Verve ...
