Converging IT, OT and IoT requires an integrated security strategy
Take a quick guess at how many devices are connected to the internet in your organization. Of course, you’re probably counting the standard IT equipment like desktops, laptops, tablets, and mobile phones. But have you included other things like smart lighting, wearables, warehouse robots, security systems like CCTV, and the office environmental control units?
For example, a few years ago, a 10GB database of high-roller data was stolen from a North American casino and sent out to a device in Finland through the casino’s fish-tank thermometer. The thermometer was connected to a networked PC to regulate the aquarium temperature, and that was all the hacker needed to enter and exit the casino’s network.
A recent report by Forescout Research Labs identified uninterruptible power supplies, physical access control systems, and HVAC control units as the riskiest devices across the five verticals it studied: financial services, government, healthcare, manufacturing, and retail. In healthcare, however, the number one riskiest device is the pneumatic tube system. The research measured the risk “by aggregating vulnerabilities, exploitability, remediation effort, matching confidence, open ports, potential communications, business criticality and whether the device is managed”.
Company size and device complexity don’t necessarily matter; access does, and the more accessible a system is, the better it is for an attacker. When a company doesn’t even know all the devices connected to its networks, that blind spot can open a door for cybercriminals to slip in unnoticed. It is not enough to secure information technology (IT); the operational technology (OT) side has to be protected too, especially as the two technologies converge. Today, it’s not unusual for OT devices to be accessible via TCP/IP networks, and vice versa.
According to Statista, the total installed base of IoT-connected devices worldwide is projected to be 30.9 billion units by 2025. This year there are only around 13.8 billion units in service. More reliable and faster networks, particularly with the 5G rollout, enable more adoption and integration of IoT devices. That means a larger attack surface and more overlooked vulnerabilities for attackers to scan for and target.
Last April, Forescout and JSOF researchers for Project Memoria discovered flaws in four common TCP/IP stacks that connect devices to networks. Unfortunately, weaknesses passed down through legacy systems can remain undetected for decades — why update a kernel, driver library, or device firmware if things seem to be working? This is a misstep that could cost a business dearly. If security researchers can uncover security flaws, so too can bad actors. Researchers and hackers use what are essentially the same tools, and are drawn from the same skilled gene pool.
“With all these findings, I know it can seem like we’re just bringing problems to the table, but we’re really trying to raise awareness, work with the community, and figure out ways to address it,” said Elisa Costante, vice president of research at Forescout, about these issues. “It’s a widespread problem; it’s not just a problem for a specific kind of device. And it’s not only cheap IoT devices. There’s more and more evidence of how widespread this is. So that’s why we keep working to raise awareness.”
In August, Forescout and JFrog researchers disclosed new findings from Project Memoria. They found 14 new vulnerabilities affecting the NicheStack TCP/IP stack, a.k.a. the InterNiche stack, which is used by many OT devices, a significant number of them in the critical infrastructure space, such as the popular Siemens S7 line of PLCs. The INFRA:HALT report recommends network segmentation and patching devices to mitigate the risks, as well as blocking or disabling support for unused TCP/IP protocols such as HTTP.
The first half of this year alone saw almost double the number of attacks targeting IoT devices compared with the second half of last year, according to cybersecurity firm Kaspersky. With attacks rising from around 639 million to 1.5 billion, criminals are clearly following the growing user interest in smart devices. The solution is to have better security policies, but first you need to know what you have and how best to protect it.
Forescout Research Labs has published a report that gives insight into what to look out for, using a smart building as a case study to illustrate the interconnectivity of legacy OT assets (such as programmable logic controllers), IT systems (such as workstations), and IoT devices (such as IP cameras and smart lights). “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT” is an eye-opening eBook that raises awareness of the changing cybersecurity landscape and risk exposure, and shows how device visibility and control can improve network resilience.
With over two decades of experience and over 3,800 global companies as its customers, Forescout Technologies is on a mission to actively defend the Enterprise of Things by identifying and enforcing security compliance of every connected thing. It’s a trusted player in this sphere that knows security strategies and best practices, and is an important collaborator with the US government agency NIST (the National Institute of Standards and Technology). It was recently named the “Overall IoT Security Solution Provider of the Year” at the fifth annual CyberSecurity Breakthrough Awards, which received more than 3,750 nominations from over 20 countries across the globe.
“Forescout is at the heart of one of the biggest security and compliance challenges that enterprises face today. IoT, OT, cloud workloads, traditional user devices, servers are a ‘Thing’ with an IP address. Increasingly, these Things are unagentable, but enterprises cannot afford for them to be unmanageable,” said Wael Mohamed, CEO of Forescout.
Once you’ve identified all the things connected to your systems, an excellent place to start figuring out the best defense strategy for you is to read “How to Reduce Risk by Aligning with the NIST Cybersecurity Framework.” It’s a guide to using the NIST framework of Identify, Protect, Detect, Respond and Recover to build up your OT and IT security solution and manage all connected devices. Seeing and securing them is the goal, for your peace of mind and the safety of the people (and things) connected to your organization’s networks.
Get a personalized tour of Forescout’s solutions and see how it can help you protect your Enterprise of Things.