Operational Technology Cyberattacks and the 2023 Threat Landscape [Research]
I regularly speak with leaders in the manufacturing industry, and a growing number of them are concerned about stormy waters ahead when it comes to cybersecurity. They are looking beyond supply chain challenges, inflationary pressures, and a tight labor market toward this longer-term and multi-faceted threat.
The very OT (operational technology) manufacturers depend on to manage their factory floors faces an onslaught of cyberattacks that take advantage of a narrowing gap between OT and IT (information technology) networks. An attack on one can quickly become an attack on both.
New BlackBerry research reveals a key driver of this risk, and looks at what manufacturers are trying to do about it. Clearly, something must be done — because the stakes are now too high to ignore, even for small and mid-market organizations.
When I think about the impact of a cybersecurity incident in OT, it amounts to more than downtime — though that stoppage alone can be cataclysmic to a manufacturer. In the aftermath of a cyberattack, organizations must also restore and update their technology infrastructure, while absorbing the impact of lost production and the resulting damage to their reputation.
Operational Technology Cybersecurity Study: What Leaders Fear
BlackBerry surveyed 1,500 manufacturing IT decision-makers across North America, the United Kingdom, Germany, Japan, and Australia. These leaders are most concerned about the following types of cyberattacks:
- Malicious attacks through connected devices including via the Internet of Things (40%)
- Unauthorized access to sensitive data by malicious insiders (29%)
- Ransomware attacks (23%)
- Politically motivated attacks (19%)
These results make sense. I've also seen phishing attacks and the discovery of third-party software vulnerabilities significantly impact OT and IoT (Internet of Things) infrastructure during the last year.
What Drives Operational Technology Cyber Risk?
Cyber risk in OT is quickly becoming a barrier to progress. Many managers are shackled by aging hardware and outdated operating systems and are struggling to unify security across old and new, to forge ahead with modernization and digitization initiatives.
Our survey results also show the severity of this problem, which I believe is driving much of the cyber risk in manufacturing environments. Of the IT decision-makers we polled, 86% admit to running core functions on an outdated and unsupported legacy operating system (OS).
How do these numbers compare with your organization?
- More than a third of respondents (36%) admit they still use Windows NT, an OS first released in 1993 and last supported nearly 20 years ago in 2004.
- Nearly half (46%) say they still use Windows XP (released in 2001), for which support ended almost nine years ago in 2014.
- Well over half (57%) utilize workstations running Windows 7, for which support expired three years ago. The same number (57%) depend on Windows 8, which Microsoft stopped supporting in January 2023.
Those responses explain the most alarming fact from our survey results: The vast majority of IT decision-makers in manufacturing (70%) say aging hardware limits their ability to update their OT assets and endpoints. This is extremely risky.
How Manufacturers Are Protecting Their Operational Technology
With aged and isolated equipment, the truth is, it’s difficult to protect these environments — but it’s not impossible. Manufacturers are trying a number of things, like controlling physical access to electronic data and systems, using secure settings across devices and software, and utilizing antivirus software and firewalls to secure their internet connections.
However, this represents a patchwork approach, and maintaining it can be a tremendous IT burden. Nearly all of our survey respondents (95%) say they need to update or patch legacy operating systems once a month or more to repair vulnerabilities. Does this sound familiar?
Something must change, and BlackBerry has set out to make that change possible. The key lies in the way we secure operational technology, through our Cylance® AI-based platform.
The Self-Defending Factory Floor
Can you have a “self-defending” factory floor that stays protected even when systems are never connected to — or become disconnected from — the network? Yes, I think this is now a reality.
We have developed a security tool with a lightweight footprint that is OS-agnostic and robust enough to work effectively even in a completely disconnected environment — allowing a single platform to protect every endpoint across both your IT and OT networks.
- Whether your OT systems are air-gapped, connected, or somewhere in between, the platform eliminates complexity by being instantly compatible. This clears the way for uninterrupted business evolution because you have strong threat resiliency out of the box.
- There is no need for signatures, heuristics, or even internet connectivity to remain protected.
- The Cylance approach does not require online access or disruptive updates.
- The platform improves risk posture for application inventory and prioritization.
This approach also helps protect your operating systems, regardless of their age. This is crucial in sectors like manufacturing, where these outdated OSes often support systems and machinery that typically stay in use until they sunset, which can take decades.
This is far too long for your factory floor to remain inadequately protected, especially because a cyberattack against your OT equipment now puts the rest of the business at risk, as OT and IT systems become increasingly interdependent.
I’ll share additional details from our research in a future blog as we continue to explore this convergence.