Here’s What Television Can Teach You About IT/OT Convergence
As our world becomes more and more interconnected, automation professionals are realizing that cybersecurity is critical to the survival of our companies. The International Society of Automation (ISA) launched the ISA Global Cybersecurity Alliance last year to help fight to keep bad actors out of our systems, but many companies still struggle with a simple issue: which department should handle cybersecurity?
Should it be your IT team, who can monitor potential cyber threats coming in through your general internet access points?
Or should it be your OT team, who already routinely checks for threats to your physical devices?
We—along with the most recent data on industrial cyber threats—say this is the wrong attitude. Cybersecurity shouldn’t be left to one team or another. It should be a partnership.
If your IT team and your OT team don’t talk to each other on a regular basis, then you’re not only leaving yourself open to threats, you’re basically inviting them in.
Before we begin, if you need a refresher of the difference between IT and OT, Coolfire has a great breakdown over on their page.
The Danger of Working in Silos
Here’s the most obvious reason that you simply can’t have IT teams and OT teams working separately: the world is getting smaller, and your company has more access points than ever before. Industry 4.0 is here, and even with the remarkable opportunities it brings, our new interconnected devices also carry inherent threats.
Want another reason to bring IT and OT together? Hackers and other bad actors aren’t selective about the systems they attack to accomplish their goals—whatever those goals may be.
You can find plenty of examples of IT and OT systems being compromised by the same attack. Believe it or not, one relevant case study comes from the popular TV show “Mr. Robot.” (By the way, if you work with cybersecurity in any capacity, this show is worth checking out! Most of the cyberattacks it portrays that have also been tested in the real world are extremely realistic.)
In the first season, the main character, a hacker played by Rami Malek, attacks a SCADA system in a prison to open the cell doors. As the storyline goes, he believed the jail had a programmable logic controller (PLC) system operating the doors—so by gaining access to that piece, he had access to everything.
How did he get in there in the first place? This character had an accomplice drop flash drives infected with malware around the grounds of the jail. When a curious police officer plugged the drive into his laptop, the hacker gained full access to the prison’s network—including their SCADA system. It’s the perfect example of an IT exploit leading to an OT exploit.
Think that we’re just having a little fun with a TV show plot?
Think again. According to a study by three prominent cybersecurity consultants, an event like this could easily happen in the real world.
Step by step, the entire fictional IT/OT attack on the prison was tested by actual cybersecurity experts from start to finish. They found it to be entirely, absolutely, 100% possible.
We’d also like to remind you of the Stuxnet attack in Iran back in 2010. More than 15 nuclear facilities were infected thanks to one inattentive worker’s USB drive. Not only is this scenario possible, it’s already happened.
Is This Really a Big Deal?
You might wonder, who would even bother hacking an OT system? How many people even know what SCADA is—let alone how to hack it?
You might be surprised. While SCADA/ICS hacks aren’t as popular as some IT exploits, it’s easy to find everything you’d need to know. In fact, in researching this article, I came across step-by-step tutorials on how to find vulnerable systems, use Splunk to monitor them for security responses, and build and test a SCADA honeypot. I found default passwords for nearly all popular brand name systems and much more.
How did I find this? Google.
It didn’t take any unique skills at hacking on my part. I simply Googled “hacking SCADA” and came up with more than two million hits. Out of those results, it took less than five minutes to find a complete tutorial on how to hack nearly every part of many well-regarded Industrial Automation Control Systems (IACS).
Obscurity will not save your IACS from being attacked. In fact, it could make it more vulnerable. Your employees won’t necessarily think of these systems as targets, which can lead to lax security. As with the real-life Stuxnet and fictional “Mr. Robot” examples, once a hacker gains access to any part of your network, everything is compromised.
Of course, cyberattacks against IT infrastructure are also on the rise. From ransomware to employee theft of files, the risk of IT cyber threats is more widely understood. All we need to do is simply turn on the news.
The bottom line is, staying a few steps ahead of cybercriminals is crucial. Hackers can spread malware from your OT to your IT systems and vice versa. You need both skill sets to keep them out.
Breaking Down the Wall Between IT and OT
Both teams have skills that complement each other, and both teams are going to be vigilant in looking out for different symptoms of possible attacks. Think of IT and OT skill sets as different parts of a single machine. To keep the machine functioning smoothly, all parts need to work together. Any perceived competition or “bad blood” between IT and OT needs to be eliminated as soon as possible to ensure that our workplaces, homes, and lives stay safe from cybercriminals.
You’ll often see “IT/OT convergence” cited as a critical aspect of industrial cybersecurity. The word “convergence” simply isn’t strong enough to convey the high level of interoperability we need to keep our systems safe online. We need complete integration, communication, and cooperation between IT and OT teams, and we need it yesterday.
Many organizations are now struggling to attain those goals. It’s an important fight. The hackers are gaining ground, though, and we all need to step it up.