Critical infrastructure is under attack. The risk associated with cyber-attacks and the likelihood of them occurring will only increase in the future. This is largely due to the unique security needs and challenges associated with operational technology (OT), which has become increasingly more connected in the past decade.
We’re seeing proof of this in industry and in the media more often. Industrial organizations are challenged to protect not only their data, but also their physical assets and industrial control systems, because today’s threats have evolved and become more sophisticated and targeted.
It’s now possible to breach OT systems directly, enabling hackers to cause significant damage without stealing any data. Fortunately, emerging technologies for OT systems help critical infrastructure build in layered defense, similar to how network security is layered in the enterprise space. While the approach is similar, OT and IT environments differ significantly, and therefore the security tools used must respond to the needs of each. For OT environments to be truly protected, they require tailored security technology to defend the various points of remote access and vulnerability across the organization.
It’s been reported by multiple news outlets that the U.S. government attributed a 2013 cyber breach against a U.S. dam to hackers who were recently charged.
Wurldtech has the necessary protections in the U.S. and worldwide — Achilles and OpShield — to protect our infrastructure. Achilles tests equipment to see if it can withstand attacks in a safe, measurable way. We work with manufacturers to remedy weaknesses and once the technology is hardened, the manufacturer earns an Achilles Certification. The OpShield solution, on the other hand, is a critical layer within the operational infrastructure security. It provides visibility into the OT network and protects both the perimeter, which includes the human machine interfaces (HMIs) and SCADA environment, and the field or larger industrial control system environment. OpShield is designed to defend unpatched industrial control systems from cyber threats. It blocks known attacks and takes a self-learning look at data and traffic patterns in the OT network and identifies anything that deviates from what’s normal. If there is a variance in traffic, OpShield notifies operators that there is likely an unknown threat. Further, it automatically discovers connected devices and communications between devices, and allows an operator to validate a deterministic blueprint of the process control environment.
As more devices become connected and risks to the operational environments increase, organizations must be prepared for what is a matter of “when” not “if”. It’s of the utmost importance that critical infrastructure organizations understand the security risks they are exposed to, including sophisticated, targeted breaches from nation-state-sponsored hackers and organized cyber criminals.