Summary

This document discusses the challenges of Operational Technology (OT) security. It outlines several critical vulnerabilities such as lack of visibility, plain-text passwords, and outdated systems. It further notes issues like a lack of skilled security professionals and the rapid pace of change.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 loT and OT Security Challenges of OT ‘. Lack of visibility....

Certified Cybersecurity Technician Exam 212-82 loT and OT Security Challenges of OT ‘. Lack of visibility. Rapid pace of change (22 | Plain-text passwords [ 8 | Outdated oOutdated systems Network complexity Haphazard modernization Legacy technology Convergence with IT Unique production networks /. Lack of anti-virus protection Proprietary software Lack of skilled security professionals Vulnerable communication protocols Copyright © by EC-Councll AN Al Rights Reserved. ReproductionIs Strictly Prohibited Challenges of OT OT plays a vital role in several sectors of critical infrastructure, like power plants, water utilities, and healthcare. Absurdly, most OT systems run on old versions of software and use obsolete wvulnerable to malicious exploits like phishing, spying, hardware, which makes them vulnerable ransomware attacks, etc. These types of attacks can be devastating to products and services. To curb these vulnerabilities, the OT system must employ critical examination in key areas of vulnerability by using various security tools and tactics. Discussed below are some of the challenges and risks to OT that makes it vulnerable to many threats: Lack of visibility: Broader cybersecurity visibility in the OT network achieves greater security and so one can rapidly respond to any potential threats. However, most organizations do not have clear cybersecurity visibility, making it difficult for the security teams to detect unusual behaviors and signatures. Plain-text passwords: Most industrial site networks use either weak or plain-text passwords. Plain-text passwords lead to weak authentication, which in turn leaves the systems vulnerable to various cyber-reconnaissance attacks. Network complexity: Most OT network environments are complex due to comprising numerous devices, each of which has different security needs and requirements. Legacy technology: OT systems generally use older technologies without appropriate security measures like encryption and password protection, leaving them vulnerable to various attacks. Applying modern security practices is also a challenge. Module 13 Page 1602 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 10T and OT Security = Lack of antivirus protection: Industries using legacy technology and outdated systems are not provided with any antivirus protection, which can update signatures automatically, thus making them vulnerable to malware infections. = Lack of skilled security professionals: The cybersecurity skills gap poses a great threat to organizations, as there is a lack of skilled security professionals to discover threats and implement new security controls and defenses in networks. = Rapid pace of change: Maintaining the pace of change is the biggest challenge in the field of security, and slow digital transformation can also compromise OT systems. = Qutdated systems: Most OT devices, such as PLCs, use outdated firmware, making them vulnerable to many modern cyberattacks. = Haphazard modernization: As the demand for OT grows, it must stay up to date with the latest technologies. However, due to the use of legacy components in OT system upgrading and patching, updating the system can take several years, which can adversely affect several operations. * Insecure connections: OT systems communicate over public Wi-Fi and unencrypted Wi- Fi connections in the IT network for transferring control data, making them susceptible to man-in-the-middle attacks. = Usage of rogue devices: Many industrial sites have unknown or rogue devices connected to their networks, which are vulnerable to various attacks. = Convergence with IT: OT mostly connects with the corporate network; as a result, it is vulnerable to various malware attacks and malicious insiders. In addition, the OT systems are IT enabled, and the IT security team does not have much experience with the OT systems and protocols. = Organizational challenges: Many organizations implement and maintain different security architectures that meet the needs of both IT and OT. This can create some flaws in security management, leaving ways for the attackers to intrude into the systems easily. * Unique production networks/proprietary software: Industries follow unique hardware and software configurations that are dependent on industry standards and explicit operational demands. The use of proprietary software makes it difficult to update and patch firmware, as multiple vendors control it. * Vulnerable communication protocols: OT uses communication protocols such as Modbus and Profinet for supervising, controlling, and connecting different mechanisms such as controllers, actuators, and sensors. These protocols lack in-built security features such as authentication, detection of flaws, or detection of abnormal behavior, making them vulnerable to various attacks. = Remote management protocols: Industrial sites use remote management protocols such as RDP, VNC, and SSH. Once the attacker compromises and gains access to the OT network, he/she can perform further exploitation to understand and manipulate the configuration and working of the equipment. Module 13 Page 1603 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security Introduction to ICS ICS Architecture 0 ICS is often referred to as a collection of E gr g g = different types of control systems and P!}, their associated equipment such as T systems, devices, networks, and controls anaa used to operate and automate several % * industrial processes E O An ICS consists of several types of control : sy systems like SCADA, DCS, BPCS, SIS, HMI, i f i T : PLCs, RTU, IED, etc. 0 ICS systems are extensively used in industries like electricity production and distribution, water supply and waste- water treatment, oil and natural gas supply, chemical and pharmaceutical production, pulp and paper, and food and.. HMI beverages a0 FiY & \”\i 8 i, veo,.. g E SIS, VFD, PID... Copyright © by EC- el AN Rights Reserved. Reproduction Is Strictly Prohibited Introduction to ICS The Industrial Control System (ICS) is an essential part of every industrial process and critical infrastructure found in industry. A typical ICS represents the information system that controls and supports all types of industrial processes, such as production, manufacturing, product handling, distribution, etc. An ICS often refers to a collection of different types of control systems and their associated equipment, such as systems, devices, networks, and controls used to operate and automate several industrial processes. An ICS comprises several types of control systems, such as SCADA systems, DCSs, Basic Process Control Systems (BPCSs), Safety Instrumentation Systems (SISs), HMls, PLCs, RTUs, and IEDs. This technology consists of various components, such as sensors, controllers, and actuators (mechanical, electrical, hydraulic, pneumatic, etc.), that act collectively to achieve an industrial objective. The process is the part of an ICS system that is mainly responsible for producing the output. The control is the part of an ICS system that includes the instructions needed to obtain the desired output. This control part is either fully automated or may involve human intervention in the process loop. The operation of ICS systems can be configured in three modes, namely open loop, closed loop, and manual loop mode. = Open Loop: The output of the system depends on the preconfigured settings. = Closed Loop: The output always has an effect on the input to acquire the desired objective. = Manual Loop: The system is totally under the control of humans. Module 13 Page 1604 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security The controller (control) of the ICS system is primarily responsible for maintaining compliance with the desired specifications. Generally, ICS systems include multiple control loops, HMls, HMIs, and tools used for remote maintenance and diagnostics. The remote management and diagnostics tools are built using various networking protocols. ICS systems are extensively used in industries such as electricity production and distribution, water supply and wastewater treatment, oil and natural gas supply, chemical and pharmaceutical production, pulp and paper, and food and beverages. In some industries, ICSs are even distributed physically across multiple locations and their processes may be dependent on each other. In such cases, communication protocols are extensively used for efficient communication between the distributed ICS systems. ICS Industrial Control System SCADA Des SupervisoryAcqulsit Control and Data Distributed Control System SIS BPCS Safety Instrumentation Basic Process Control Systems Systems HMI - PLC - Human Machine Interface m‘"""‘”"‘ RTU IED Remote Terminal Unit Intelligent Electronic Device o ol pep Figure 13.16: Components of an ICS AR AN A _fi DCS | A AR A DCs —— SCADA................................................................................................... : PLC R)R " HMI " g SIS, VFD, PID... H n SIS, VFD, PID... PLC Figure 13.17: ICS architecture Module 13 Page 1605 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.

Use Quizgecko on...
Browser
Browser