In a previous article, I discussed how organizations are working to protect their industrial control systems (ICS) against intentional and accidental security threats. One of their biggest challenges is figuring out whether their information technology (IT) or operational technology (OT) teams are responsible for ensuring ICS security. Given the ongoing convergence of IT and OT, it appears both teams must work together to help their organization avoid a security incident, which begs the question: just how can IT and OT help protect an organization? Like enterprises in other sectors, an industrial organization's security strategy begins with an understanding of the potential threats. Organizations need to know what to look for in a web-enabled threat. Otherwise, they have no hope of defending against it. As part of this process, industrial organizations must familiarize themselves with the three stages of a digital attack. The first stage is the "discovery" phase. This is when attackers probe for assets and investigate their configurations and system states for apparent weaknesses. With all the information they gather, the bad actors then transition into the "attack" phase by exploiting an avenue to compromise an organization's people, processes, or technology. They might acquire remote access using stolen credentials during the second stage, for example, or they might conduct a phishing campaign. The third and final phase, known as the "intrusion" stage, occurs once the attackers have successfully captured credentials and established a connection with an asset. They can then leverage that connection to establish a deeper foothold in the network. It's one thing to review the model of an attack but it's another matter entirely to review an actual intrusion into an industrial organization. The resource Industrial Cyber Security for Dummies provides that level of exposure. In their e-book, Tripwire and its parent company Belden review an incident that affected a water treatment company. They are careful to point out the security weaknesses and vulnerabilities that facilitated the attack. For instance, the victim organization suffered from a single point of failure: one administrator used the same weak login credentials (and no additional security measures such as 2FA) to access both a customer payment application and a SCADA application on his laptop, thereby allowing attackers to steal customers' information and disrupt the organization's industrial processes. These consequences highlight the importance of organizations doing all they can to secure their industrial environments. For more information on what characterizes an industrial digital attack, download Tripwire and Belden's e-book here.
