18 Feb Building a successful industrial cybersecurity program
When people think about the consequences of a cyberattack, very few consider anything beyond financial and data losses. In reality, the consequences can be far greater, especially when attacks concern industrial organisations.
Industrial organisations are responsible for the supply of essential commodities into society, including energy, water and food. When attacks hit industrial organisations, society suffers the impacts in the form of fuel shortages, electricity outages or disruptions in the supply of food.
While cyberattacks on enterprises are far more common, recent incidents have raised concerns about security weaknesses in industrial environments that could expose them to an increased risk of attack. The industry is working to address these weaknesses, but one of the biggest challenges is that industrial networks were never designed with digital security in mind. Industrial environments were traditionally air-gapped from IT, meaning they could only be accessed by people within plant walls, but digital transformation has changed this. Today, plant machinery and operational technology are regularly being connected to the internet, and while these initiatives help automate processes, increase safety and cut costs, they also raise the security stakes.
Last year, Dragos opened its first offices outside of the US in Riyadh, and since then has expanded into Dubai, Kuwait and Oman. Based on our experience in the Middle East, below are three important steps organisations in the region can take to improve their industrial cybersecurity.
It’s a cliché, but it’s true – you can’t protect what you can’t see. While most organisations make good investments in preventative controls, they often do this to the detriment of visibility, detection, and response, resulting in them missing things. As plant machinery is increasingly becoming connected, the attack surface of industrial organisations is growing, so security of the entire environment is critical. To overcome this challenge, organisations must use technology that can get inside their environments and get consistent visibility.
Learn through threat intelligence
It’s extremely important to learn from adversaries. What have we seen before? What will we do differently next time? Attacker techniques vary across different regions, and just now we are seeing that some groups in the Middle East have crossed the divide between IT and OT, as in the attacks in the Kingdom of Saudi Arabia, which targeted the safety systems in a petrochemical plant. Organisations in the region need to learn from these adversaries to improve their defences. When we think about threat intelligence, we think about it in terms of understanding adversaries’ tactics and techniques and the methods they’re employing. Industrial organisations should use threat intelligence to learn about attacker techniques and improve their response against future threats.
Build a strong cybersecurity culture
Industrial business leaders must encourage and nurture a strong security culture. Train staff on the dangers of threats and attacker techniques, run incident response training regularly and embed security checks into all business and supply-chain processes.
Cyberattacks on industrial organisations are a serious threat to society. Increasing environment visibility, learning through threat intelligence and nurturing an effective cybersecurity culture are some of the most important steps these organisations can take to improve their defences against attacks.