May 18, 2021
By Sarah Czarnowski

Avoiding Complete Shutdown: Why OT Security is Critical for Any Enterprise

In May 2021, Colonial Pipeline, the company responsible for the largest pipeline system in the U.S.—which transports more than 100 million gallons of gasoline per day—was impacted by a cyber-attack.

During the attack, an external group targeted the organization’s IT systems to encrypt information, demanding a ransom for a decryption key to unlock the data. While the attackers were only able to exploit IT systems like laptops and servers, the company was forced to take their industrial controls offline as a safeguard against potential physical damage to infrastructure.

This impact on their operational technology, or OT, and resulting disruption to fuel supplies was felt across many regions.

Why is OT Security Important?

We can define OT as an organization’s physical, network-connected devices that monitor or control processes and events outside of information technology (IT). Some examples include building and pipeline sensors, HVAC systems, medical devices, and life sciences manufacturing equipment.

Unfortunately, many organizations don’t know or understand their level of threat exposure when it comes to OT. And since they usually lack a single, centralized inventory of all their devices, equipment, and facilities, it becomes difficult for organizations to make basic decisions during and after a cyber-attack—like determining if a security event was targeting a specific device.

That’s why having visibility into your equipment and devices is crucial. While visibility itself won’t fully protect you, it can provide actionable data to help you make decisions that keep critical OT systems online.

How Hackers Exploit IT to Access OT

While OT security focuses mainly on device resilience, IT is concerned with the integrity of information. This means OT teams and IT teams often have different priorities, which provides opportunities for attackers looking at new entry points into a business.

Directly related to this chasm, a widespread problem in OT security is that many machines are running outdated software or lack aftermarket security patches. Microsoft Windows vulnerabilities like BlueKeep and DejaBlue continue to be discovered in old Windows systems. Just last year, TrapX Security found a new malware campaign targeting devices running embedded Windows 7.

And according to the 2020 Global Risk Report by OT security firm CyberX, unsupported and unpatched operating systems—including Windows XP, Windows 2000, and now Windows 7—account for 71% of networks they examined.

What You Can Do to Protect Your OT Devices

To address OT security challenges, organizations need the following two capabilities:

  • Device tracking and data: When a piece of equipment or device is purchased and provisioned, the device technician or a third-party field technician must be able to input the device details into the inventory while working on the device in person or remotely. These details should include make, model, serial number, location, owner name, latest software patches, and owning department. This device inventory acts as the single source of truth and is updated whenever routine maintenance takes place, with personnel enriching the device data with any new information.
  • Full security systems integration: There needs to be integration with a security monitoring system, so that when an OT security event or vulnerability is identified, security, IT, and equipment support teams all operate with the same data and visibility. Beyond monitoring, there must also be a security orchestration, automation, and response system so that all teams work together to enable rapid remediation of security events. Ideally, when a security event takes place, the security team should be able to see the full context of the device, including the device owner and the appropriate remediation process. A work order can then be dispatched to the device engineer or to the manufacturer’s or service provider’s field technicians. The work order should be trackable so that security, IT, and the device engineers are kept aware of the remediation status.

How Nuvolo OT Security Can Help

When integrated with security monitoring systems, Nuvolo’s OT Security solution—the industry’s first OT security solution built on ServiceNow—provides your security, equipment, and device teams with the visibility and capabilities they need to identify and address threats quickly and accurately.

It works by matching security, utilization, and discovery events against known OT asset data in the computerized maintenance management system (CMMS)—like MAC and IP address, serial number, location, and owner—to drive actions that remediate a security threat quickly and accurately. These processes can even be automated through remediation-related workflows.

Plus, it imports pre-integrated vulnerability data sources, including the National Institute of Standards and Technology (NIST) Common Weakness Enumeration (CWE), Common Platform Enumeration (CPE), and Common Vulnerabilities and Exposures (CVE) data, and matches documented vulnerabilities from NIST/MITRE Corporation across device inventories. That means you’re always in the know when it comes to possible threats.
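The matching the post describes (an event resolved against the device inventory by MAC, IP or serial, enriched with owner and location, checked against CPE-keyed vulnerability records, and turned into a work order) can be sketched in a few dozen lines. This is an added illustration, not Nuvolo’s code; the inventory, the vulnerability entry (with a placeholder id) and the events are constructed.

```python
# Constructed example: the inventory, event and vulnerability records below are made up;
# the match fields (MAC, IP, serial, owner, location) are the ones the post names.
from dataclasses import dataclass
@dataclass
class Device:
    serial: str
    mac: str
    ip: str
    location: str
    owner: str
    os_cpe: str  # CPE 2.3 name of the installed OS, as used in NIST CVE records

# Constructed inventory (the "single source of truth"), keyed by serial number.
INVENTORY = {
    "SN-1001": Device("SN-1001", "00:11:22:33:44:55", "10.0.5.20", "Plant A / boiler room",
                      "j.doe", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"),
    "SN-1002": Device("SN-1002", "00:11:22:33:44:66", "10.0.5.21", "Plant A / pump house",
                      "a.smith", "cpe:2.3:o:vendorx:rtos:4.2:*:*:*:*:*:*:*"),
}

# Constructed vulnerability feed entry; the id is a placeholder, not a real CVE.
VULNS = [{"id": "CVE-PLACEHOLDER-0001",
          "cpe": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*"}]

def cpe_matches(device_cpe: str, vuln_cpe: str) -> bool:
    """Field-by-field CPE 2.3 comparison; '*' in the feed entry matches any value."""
    d, v = device_cpe.split(":"), vuln_cpe.split(":")
    if len(d) != 13 or len(v) != 13:  # malformed CPE: refuse to match rather than guess
        return False
    return all(vf == "*" or vf.lower() == df.lower() for df, vf in zip(d[2:], v[2:]))

def find_device(event: dict):
    """Resolve the device behind an event: MAC first (most stable), then IP, then serial."""
    for key in ("mac", "ip", "serial"):
        val = event.get(key)
        if val:
            for dev in INVENTORY.values():
                if getattr(dev, key).lower() == val.lower():
                    return dev
    return None

def build_work_order(event: dict) -> dict:
    """Enrich the event with owner/location and any matching vulnerability records."""
    dev = find_device(event)
    if dev is None:  # unknown device: the gap in the inventory is itself a finding
        return {"status": "unmatched", "event": event}
    vulns = [v["id"] for v in VULNS if cpe_matches(dev.os_cpe, v["cpe"])]
    return {"status": "open", "serial": dev.serial, "assignee": dev.owner, "location": dev.location,
            "known_vulns": vulns, "action": "isolate and patch" if vulns else "investigate"}
```

An event that resolves to no inventory entry is returned as "unmatched" rather than dropped, since a device the inventory does not know about is exactly the visibility gap the post warns about.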

Are Your OT Devices Protected?

When a cyber-attack occurs, it’s best to be prepared with a solution like Nuvolo OT Security. With extensive response and remediation capabilities, it can help ensure business continuity by helping you keep critical OT systems up and running. Whether you’re delivering gasoline to millions of people or simply running a single facility, having the right solution in place can give you the peace of mind of knowing that your assets and operations have a critical line of defense.