Business leaders who have security as part of their overall business strategy discussion are better positioned to balance the technologies, processes and resources needed to anticipate constantly evolving cyber risks. The term ‘operational technology’ (OT) refers to the hardware and software used to control industrial processes and infrastructure, particularly in industries such as energy, mining, utilities, manufacturing and transport. A cyber-attack on an OT environment can have serious and wide ranging consequences beyond just financial losses – including prolonged outages of critical services, environmental damage and even the loss of human life. There are highly skilled and motivated adversaries actively seeking to exploit the security weaknesses in OT networks, process control systems and critical infrastructure. Their motivations range from economic benefit and espionage through to malicious disruption and destruction. While many operators in these sectors have recognised the need to increase focus and spending on the security of their corporate IT systems, this has not been matched for OT systems, leading to critical vulnerabilities. We have drawn on our experience conducting cyber security assessments and penetration tests across the globe to identify the 10 most common security flaws in OT networks.
The Swiss Reporting and Analysis Centre for Information Assurance (MELANI) highlights the importance of a cross functional approach to combat cyber threats to Operational Technology and Infrastructure: “The enumerated measures should be embedded in an overarching security process, ensuring that the measures are applied, regularly verified, and continuously improved. Moreover, it is important for operators of systems to know the current threat situation, to monitor that situation regularly, and to incorporate the insights into implementation and improvement of the security measures. For this purpose, close cooperation between risk management, engineering, and operations is of the utmost importance.”
Read the report:
Cyber Savvy securing operational technology assets December 2015
The 10 most likely ways your operation technology network will be compromised: