Countries will have to strengthen the security of their critical information infrastructures (CII) and their Operational Technology (OT) systems, because the adoption of common standards allows hackers to intensify their attacks.
In addition, increased digitalization and connectivity have promoted automation in OT industrial sectors, such as electricity, oil and gas, water and manufacturing. But above all, these sectors are also becoming more efficient by adopting common protocols and operating systems.
However, as these sectors move from heterogeneous environments to standardized software stacks, homogeneity allows hackers to be more efficient, explains Robert M. Lee, CEO of the cybersecurity provider Dragos, specialized in industrial control systems and telecommunications.
The consequences of compromising OT systems are more expensive
And to predict the coming of more reproducible and inter-industrial OT attack toolkits, he points out. Associated with a wider attack surface due to increased connectivity, OT networks are more likely to be victims of an attack, warns Mr. Lee, who was speaking on Tuesday at the expert group forum on OT cybersecurity held in Singapore.
Just five years ago, in 2018, Dragos identified six to seven groups of state actors who focused on OT and industrial control systems. This number has since climbed to at least 22 groups and more and more networks of state actors are realizing the viability of targeting OT sectors.
Although the frequency of attacks in the IT field is higher than in the OT sector, the consequences of compromising OT systems are more costly and can have repercussions on people’s lives and on the economy, he added.
According to Dragos, 605 ransomware attacked industrial companies last year, an increase of 87% compared to the previous year. The Stuxnet worm, discovered in 2010, the attack on the Ukrainian electricity grid in 2015, and the discovery of a Pipedream malware toolkit last year, illustrate this evolution.
What works in the IT domain may not work in the OT domain
Noting that IT security best practices do not necessarily work as well in OT environments, Mr. Lee warns OT organizations against blindly “copying and pasting” IT security measures. In doing so, they risk causing significant disruptions and putting OT systems out of service.
Source: “ZDNet.com ”