Significant Cyber Risk Factors Facing OT Environments
As digitization and business transformation bring the worlds of IT and OT (operational technology) closer together, manufacturers find themselves facing significant opportunities — and growing risks.
We explored this fast-changing risk/reward scenario for OT environments in a recent episode of the BlackBerry LIVE podcast series, streamed live on LinkedIn, featuring IDC Research Director for Security and Trust Ed Lee, and BlackBerry Director of Product Marketing Jay Goodman.
To frame the discussion, IDC’s Lee shared a typical example of what’s at stake in today’s OT landscape, and why it provides such a juicy target for threat actors:
“The basic explanation (of OT): It's the hardware and software that manages, monitors, and controls the industrial operations or industrial equipment. If you think about the TV program ‘How It’s Made,’ they show factories making things, like where ketchup bottles are going down the assembly line. They're getting labeled, they're getting filled and packed. That's a prime example of operational technology at work, because it controls the machines that are making the products.”
Connecting this machinery to a company’s backbone network and IT environment, and subsequently exposing it to the Internet, is still a relatively new development in many industries — one which can lead to improved transparency and manageability that positively impacts a company’s bottom line. However, innovation like this can also lead to increased cyber risk, as organizations find themselves with a growing attack surface to defend against cyberattacks. Lee explains why threat actors see this as an exciting opportunity:
“The reward on the attackers’ side is becoming more attractive because what they're finding is that these companies they're attacking — these production facilities they're shutting down, these critical infrastructures they're trying to disrupt — are more than willing to pay off (threat actors) so they don't attack them.”
Watch the full BlackBerry LIVE episode (below):
“You have a very high level of risk with all of the manufacturing devices and critical IP (intellectual property) on those devices for manufacturing,” agrees BlackBerry’s Goodman.
Because equipment in OT environments is often extremely capital-intensive and built to last, it tends to be replaced very seldom compared to typical IT equipment, such as servers and laptops. As a result, machinery and industrial systems are often paired with outdated control software and operating systems that are no longer supported by developers. This situation is akin to a ticking time bomb in many industrial environments — and a potential goldmine for hackers that can penetrate the organizations’ first levels of defense.
“You end up with a lot of effort put into trying to secure a very narrow gateway into the actual OT environment. But when you actually get past that gateway, or if you get through the door, often these systems are wildly exposed,” Goodman says.
These are just a few of the revelations made by our experts as we explored the topic, “Significant Cyber Risk Factors Facing OT Environments.” We also discussed insights on how organizations can protect their OT environments more effectively. Watch the full BlackBerry LIVE episode for more.