With digital transformation making its way well into the energy and industrial sector, it is important for organisations to have a robust strategy in terms of cybersecurity for their Operational Technologies (OT) infrastructure, according to a report by Deloitte India.
Deloitte in its reimagining OT cybersecurity strategy highlighted the need for securing the OT infrastructure which can become more prone to cyberattacks.
“Organisations are adopting newer technologies to improve efficiencies, manage supply chains, and enable remote operations. While technology has many merits in improving the time to market, it is also instrumental in achieving the sustainability vision,” it said.
“However, along with transformation, there are cyber threats too. Cybercriminals, threat actors, and state-sponsored hacktivists are targeting these sectors and the whole gamut of critical infrastructure. Operational Technologies (OT) have become a lucrative target for state and non-state actors, as attacking them can disrupt operations, damage equipment, affect lives, and stall economies. Hence, protecting these technologies and improving resilience has become a matter of national security and safety,” it added.
According to the report, the use of legacy systems, a lack of proper network segmentation, absence of robust governance, security policies, and monitoring as well as unsecured remote access are leading to a rise in cyber vulnerabilities of OT systems.
“For the industrial and energy sectors, both the internal and external environment is changing rapidly,” said Santosh Jinugu, Executive Director, Deloitte India.
“Driven by the imperative to transform their businesses, run efficiently, and support decarbonisation, digital transformation is expected to become mainstream. At the same time, the geopolitical environment is getting complex, which also brings critical OT systems on the radar of bad threat actors. OT systems are, by and large, complex, and so are the repercussions of a cyber-attack. It is important to have a robust strategy in place to secure these OT systems, and not let cyber risks become an impediment in the adoption of Industry 4.0 and the whole gamut of next-gen technologies,” Jinugu added.
The report further highlighted a six-point framework for securing the OT environment for organisations. As highlighted in the report, organisations must look at an in-depth security assessment to establish the security posture.
“Amidst greenfield or brownfield digital projects, a comprehensive security assessment helps understand security maturity levels and existing gaps. Moreover, it provides visibility on asset inventory across levels – field devices, process controls, supervisory, and enterprise IT networks. This helps understand the current security levels and put the right OT security process and roadmap in place,” it said.
They must also follow the necessary security processes, protocols, and controls such as the IEC 62443 standards (Cybersecurity for Industrial Control Systems) across policies, management, industrial IT, products, and components.
“Security considerations include, but are not limited to, designing a secured network segmentation model and secured remote access, as well as managing privileged access, data backup, and passive monitoring for visibility of networked assets and activity,” it said.
It further added that it is necessary for any digital programme or third-party collaboration to have a “security-by-design” and “resilient-by-design” approach to be able to successfully mitigate risks. For products, systems, and the development lifecycle, third-party assurance certifications, it is imperative for organisations to comply with standards such as IEC 62443-4.
“Periodical risk and vulnerability assessments and audits can help take the right step towards bolstering security while providing the required security assurance,” it said. Organisations must also look at 24×7 monitoring via a robust next-gen IT-OT security operations centre (SOC)/threat intelligence centre.
“As both the environments integrate, it is pragmatic to have a common IT-OT SOC, using specialised OT security solutions that help in asset identification, visibility, anomaly detection, and monitoring. Having custom OT specific playbooks, use cases, and a common SOC empowers security teams to effectively join the dots and respond faster to threats,” the report said.
They must also have an incident response and cyber crisis management plan for the OT environment in place which must undergo regular reviews by the board and others. Further, it should address various scenarios affecting OT systems, including emerging threats and attacks such as ransomware.
“Industries should also focus on having table-top exercises for executives to prepare them towards various scenarios,” it said. It further emphasised training and awareness as one of the crucial aspects of OT cybersecurity strategy. Additionally, red teaming is essential to test the resistance and resiliency of OT environments to stay ahead of malicious threat actors. “A robust mechanism should also be set in place to incorporate leanings, plug-in gaps, and enhance security,” it said.