
Securing Connected Systems

Hanna Mathai

By Nicolai Solling, Chief Technology Officer


As organizations are going through accelerated digital transformation, there is no other area that is impacted more than operational technology. Sensors, devices, and compute units are today feeding data into the IT systems of organizations to make business operations even smarter and customer experiences even better.

Next time you order a pizza and can follow the deliveryman’s journey right to your front door, remember that this is made possible by a sensor – in this case an app on the deliveryman’s smartphone – that is constantly delivering data to the planning systems of the food delivery service. Being a mere convenience for the pizza-hungry consumer, it is a key asset for how the delivery service plans routes, measures efficiency of their drivers, and predicts and optimizes their business. Without this data, they would not be able to operate.

This is no different in a production plant or a hospital or even the facility management systems that are monitoring the skyscrapers and smart city districts we live in.

In short, operational technology is touching every single individual and business as we try to harness the power of modern IT applications in our operational technology environments.

For the same reason, infrastructure that we used to expect to be isolated and disconnected, and whose security risks we therefore never considered, is now being connected to IT environments to generate value from the data it produces.

Production facilities are being modernized, with ICS and SCADA systems now connected to ERP systems, allowing for better capacity planning, monitoring and predictability of operations. Hospitals are connecting everything from MRI scanners to patient monitoring systems to their IT infrastructure, with clever integrations into journaling systems and telehealth systems, and with remote diagnosis of both the equipment and the patients. While all these applications are smart, efficient and deliver economy at scale, they also dramatically change the risk exposure of the connected systems.

In 2021, we saw several cyber attacks that were directly targeted at operational technology along with ICS and SCADA systems. The most notable event was the one that targeted the energy sector in the US, where Colonial Pipeline was hit by ransomware, which impacted its ability to pump fuel from its refineries to the east coast of the US for more than 10 days, effectively drying out the fuel tanks of one of the most advanced economies of the world.

Maybe less well-known is the havoc resulting from REvil’s ransomware attack closing down JBS S.A. meat packing facilities, where JBS later paid USD 11 million in ransom to REvil. REvil was also behind stealing blueprints of unreleased Apple products from the Taiwanese electronics manufacturer Quanta.

Finally, the US Department of Health and Human Services released a study on the impact of cybersecurity attacks in the health sector: a total of 82 ransomware attacks on healthcare facilities were tracked in only the first 4 months of 2021, closing down hospitals and healthcare providers, and in this industry the impact is sometimes calculated in human fatalities.

Needless to say, as we connect any infrastructure, the impact gets bigger, deeper and more serious, and every sector that is reliant on operational technology is affected.

At Help AG, OT security is a key focus area, with specific technical experts who have years of experience securing OT environments as security practitioners in the field, and we are able to deliver an end-to-end approach to securing operational technology.

For many clients the approach starts with understanding which devices are connected to the OT infrastructure, and what vulnerabilities are present in these systems.

An ugly truth of OT security is that the systems in use are often running outdated, unmanageable versions of software. Even if a patch is available, obtaining a service window in which it can be deployed in a timely manner can be challenging.

For this specific reason, a huge part of OT security is focused around creating a secure demarcation point, where all communication in and out of the OT infrastructure is governed and controlled. Examples of technologies that we utilize in this area are data diodes, file validation and sandboxing services.

Inside the OT environment itself, apart from identifying devices and systems, we also focus on establishing what a normal traffic pattern from these systems looks like, which makes it possible to identify infections and intruders at a very early stage.

Technologies we utilize here are DNS security and Network Behavior Analysis solutions, as well as specific OT-focused technologies that have insight not just into traffic patterns but also into the protocol layer, so that malicious changes of parameters and of the data flow between systems can be identified.

At Help AG, we are great believers in cybersecurity being a business enabler and not a discipline which simply denies the use of technology in an organization. With OT security it is no different: failing to deliver excellent cyber resilience against attacks on OT infrastructure means that you ultimately jeopardize your digital transformation journey and disrupt your ability to operate. This is the reason why OT security deserves the correct focus, investment, and capabilities. Done right, you can securely gather data that supports informed and intelligent business processes. Done wrong, it can close down a company and cause fatalities.
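As an added illustration of the baseline-then-deviation approach described above (example code written for this post, not Help AG's tooling; the Modbus/TCP function codes and every flow record are constructed), a small Python detector learns the allowed flows and written-value ranges from a learning period, then flags new flows, new function codes on a known flow, and writes outside the learned range:

```python
# Added example, not Help AG's code: learn a baseline of OT traffic from a
# learning period, then flag deviations at flow and protocol level.

# Constructed records: (src, dst, dst_port, modbus_function, register, value).
# Modbus/TCP function 3 = read holding registers, 16 = write multiple registers.
BASELINE_RECORDS = [
    ("10.1.1.10", "10.1.2.5", 502, 3, 40001, None),
    ("10.1.1.10", "10.1.2.5", 502, 16, 40010, 1500),
    ("10.1.1.10", "10.1.2.5", 502, 16, 40010, 1550),
    ("10.1.1.10", "10.1.2.5", 502, 16, 40010, 1480),
    ("10.1.1.11", "10.1.2.6", 502, 3, 40001, None),
]

# Constructed monitoring-period records: an unknown host, a known host issuing
# a write it never issued before, an implausible setpoint, and one normal write.
MONITORED_RECORDS = [
    ("10.1.9.99", "10.1.2.5", 502, 3, 40001, None),
    ("10.1.1.11", "10.1.2.6", 502, 16, 40010, 1500),
    ("10.1.1.10", "10.1.2.5", 502, 16, 40010, 9000),
    ("10.1.1.10", "10.1.2.5", 502, 16, 40010, 1500),
]

def learn_baseline(records):
    """Allowed (src, dst, port, function) tuples plus min/max per written register."""
    flows, ranges = set(), {}
    for src, dst, port, func, reg, value in records:
        flows.add((src, dst, port, func))
        if func == 16 and value is not None:
            lo, hi = ranges.get((dst, reg), (value, value))
            ranges[(dst, reg)] = (min(lo, value), max(hi, value))
    return {"flows": flows, "ranges": ranges}

def detect_anomalies(baseline, records, tolerance=0.10):
    """Return alert tuples; tolerance widens the learned range by a fraction of its span."""
    alerts = []
    for src, dst, port, func, reg, value in records:
        if (src, dst, port, func) not in baseline["flows"]:
            # A known endpoint pair using a new function code is a protocol-level
            # deviation; an endpoint pair never seen at all is a flow-level deviation.
            known_pair = any(f[:3] == (src, dst, port) for f in baseline["flows"])
            alerts.append(("new-function", src, dst, func) if known_pair
                          else ("new-flow", src, dst, port))
            continue
        if func == 16 and value is not None and (dst, reg) in baseline["ranges"]:
            lo, hi = baseline["ranges"][(dst, reg)]
            margin = max(hi - lo, 1) * tolerance
            if value < lo - margin or value > hi + margin:
                alerts.append(("out-of-range-write", dst, reg, value))
    return alerts
```

Run `detect_anomalies(learn_baseline(BASELINE_RECORDS), MONITORED_RECORDS)` to see the three alerts; in practice the baseline is learned from a much longer capture and re-validated after every engineering change so that legitimate new setpoints do not keep tripping it.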
