While Cyberattacks Are Inevitable, Resilience Is Vital

and leveraging new technologies requires minimal investment, as most companies already have the human and technical resources necessary,” he said.

Useful new technologies include:  

• AI and machine learning. AI and machine learning bring significant advances in securing operational technology environments. AI leverages behavioral analysis to detect anomalous activities within OT systems that may indicate a breach. By continuously monitoring equipment and user behavior, AI can identify deviations from normal patterns, alerting security teams to potential threats before they cause significant harm. Machine learning models can predict and respond to emerging threats in real-time within OT environments offering threat intelligence. These models analyze vast amounts of data from sensors and control systems to identify patterns and indicators of compromise, allowing organizations to proactively defend against sophisticated attacks.

• Zero trust architecture. Zero trust architecture enhances security in OT environments by assuming no user or system is inherently trustworthy.

• Identity and access management (IAM). IAM ensures that only authorized individuals have access to critical OT systems. By enforcing strict identity verification and access controls, IAM reduces the risk of unauthorized access and potential breaches in the OT environment.

• Micro-segmentation. Micro-segmentation breaks down OT networks into smaller, isolated segments to limit the spread of potential breaches. This approach contains threats within confined areas, preventing them from moving laterally across the OT network.

• Security orchestration, automation and response (SOAR). SOAR technologies streamline and automate security operations in OT environments, enhancing an organization’s ability to respond to incidents swiftly and effectively. By integrating various security tools and processes, SOAR improves the efficiency and coordination of incident response efforts, reducing the impact of cyberattacks on critical OT systems.

Understand consequences

Cybersecurity is all about understanding risk and applying the basic controls and sprinkling in new technologies to keep the bad guys out and keeping the system up and running by eliminating as much unplanned downtime as possible.

“Cybersecurity is a risk game—as long as computers are required to deliver critical products and services, they will have some vulnerability to an attack,” Carrigan said. “Risk is a simple equation: Risk = Likelihood x Consequence. Most of our investments have been in reducing the ‘likelihood’ side of the equation. The future of OT cybersecurity will be in reducing the consequences of cyberattacks—specifically, how to minimize the impact of infiltration and restore operations within an acceptable period.”

Manufacturers must understand their risk appetite and know what and where their organization’s crown jewels are and how to protect them. “Applying the same security practices to all OT assets is not practical—some are more important than others, even within the same company and the same OT network,” Carrigan said.

Remaining resilient to a cyber incident—any kind of incident—means manufacturers must apply the basics, sprinkle in some new technologies and plan, test, revise and then start that process all over again. Don’t live with a false sense of security. Creating and following a resilience plan will keep your organization up and running while remaining productive and profitable.

Resilience best practices

It is no secret cyberattacks of all types continue to increase as certain industrial sectors remain low-hanging fruit for attackers. The following are some basic best practices to stay ahead of attackers:

• Fight to remain resilient.

• Understand your risk equation.

• Understand the likelihood and the consequence of an attack.

• Train, train and then train some more; get specific OT training.

• Re-evaluate your system and understand the dynamic nature of cybersecurity.

• Increase visibility.

• Take stock of what you have on your system.

• Understand what is talking to what.

• Create a culture of collaboration.

• Communicate.

Final thoughts

In the end, remaining resilient is a program and not just a slogan. No matter what the status is of any security program, it must keep evolving to get better and better because attackers are not standing pat. Whether it is ransomware, a terrorist or a hacktivist attack, a threat actor wants to get in, get what they can, and then get out successfully.

A successful resilience program always falls back on applying solid technology, understanding and communicating the process, and having smart workers understand what to do at the right time.

This feature originally appeared in AUTOMATION 2024: 1st Annual OT Cybersecurity Trends Report.