Mille Gandelsman, CTO of Indegy, states, “In many ways, 2018 represented the coming of age for industrial cyber security. The adage that operational technology networks were isolated from threats by an air gap was recognized for what it is, a fallacy in an era of interconnectedness and IIoT technologies.”
Many pundits believe that even though industrial control systems have been running critical infrastructure and manufacturing since the 1950s, only in the last few years have they undergone a “coming of age” when it comes to security. This is primarily due to a confluence of events that have propelled OT threats to the C-Suite risk agenda. Namely, the adoption of IIoT, the convergence of IT and OT environments, and the increased targeting of these mission critical systems by rogue parties that are both known and unknown entities. What used to be isolated, air gapped “set and forget” OT networks have become ground zero for potentially debilitating cyber-attacks.
It is not all doom and gloom, however. Progressive industrial organizations are well down the path of ensuring the full visibility, security and control of their environments. If fact, many organizations that must meet a minimum-security compliance level such as NERC, NIST and NIS have gone way beyond these basic directives. The markets have reacted quickly to this new threat vector and attack surface. And while OT environments are certainly not 100% secure, we are moving in the right direction.
As 2018 winds down, the obvious question is what can we expect next year? Based on our daily interactions with professionals working to secure their industrial control systems, we have pulled together the following predictions about the 2019 Industrial Security landscape.
1. ICS Security Will Become More Mainstream
As noted earlier, many large industrial and critical infrastructure organizations have already made investments to secure their OT infrastructure to the same or even a higher degree than their IT infrastructure. We expect this trend to continue in 2019. In addition, we predict it will extend beyond large organizations to midsize and smaller companies. Given the clear and present threat, ICS security is no longer an early adopter segment and will become a mainstream requirement for every industrial organization regardless of size or vertical.
2. Hacking Tools for Critical Infrastructure Will Be more Accessible
And that brings me to the adversaries responsible for ICS attacks. There is no question that many past attacks have been conducted by nation states, rogue factions and insiders. Going forward, we will likely see lone wolves and non-nation actors also launching attacks. The barriers to entry are lower, and with a little know how OT based attacks can be carried out by the general hacking community rather than being relegated to state sponsored cyber warfare initiatives.
3. Of Course, Attacks Will Continue to Get More Sophisticated
In general, most of the attacks that we have seen to date were aimed at a single target or country. Attacks will continue to grow in sophistication and become multi-pronged, targeting multiple locations and sites simultaneously or in close succession. Organizations will need to consider this possibility and once again evolve their security posture accordingly.
4. Active Detection Will Be Too Valuable to Ignore
The previous prediction will not only push organizations to act, but also force them to address new threats in a more proactive way. Passive or “listening only” monitoring only looks at network traffic and it will no longer be sufficient. Rather, Active Threat Hunting through safe device querying will become essential to gain the visibility, security and control necessary to protect against a new generation of threats. “Active” covers the 50% of threats that can’t be detected with network-only monitoring. Many OT security vendors are only now adding rudimentary active capabilities.
5. More Collaboration/sharing of OT Threat Intelligence
In threat hunting, several other capabilities will be required to better identify, mitigate and report on new ICS threats. In the coming year we are likely to see a maturation of ICS threat intelligence. This includes the use of external security data feeds as well as integrating OT security technologies with SIEMs, next generation firewalls, etc. There will also be more sharing of information across communities such as OISF, which has been a mainstream practice for years in IT. It will be embraced by the OT community as a key way to more quickly identify threats and protect against new attacks that can impact ICS environments.
6. Real Standards for ICS Security Will Emerge
Finally, in addition to all the above, we will see new ICS specific standards, guidelines and best practices for assessing and hardening the security of ICS environments published and adopted.
Looking at 2019 and beyond, ICS threats will continue to escalate and evolve, but we predict the solutions to combat these threats will effectively address whatever emerges. In planning your strategy, look for ICS security vendors that are experts in what they do and can help chart the course that is right for your organization both now and into the future. For more details, visit Indegy.