One term that you may have heard on and off in the world of Cyber is that of “Operational Technology”, also known simply as “OT” for short. It has been used in conjunction with “IIoT”, which stands for the “Industrial Internet of Things”.
So, you may be wondering what exactly is OT? Well, a technical definition of it is as follows:
“It is the practice of using hardware and software to
control industrial equipment, and it primarily interacts with the physical
world.”
(SOURCE: https://www.redhat.com/en/topics/edge/what-is-ot)
So as you can see, it pretty much deals with any technology related to equipment that is involved in heavy industrial usage. Some examples of this would include car assembly lines, logistics/supply chains, trucking, aviation, etc. But the problem here is that these pieces of equipment are actually pretty archaic in nature. Thus, they have become a prime target for the Cyberattacker because modern-day software patches and upgrades simply will not work for them.
In fact, this is the problem that Critical Infrastructure is having. Much of the technology that underlies our water supplies, oil/natural gas pipelines, and even the national power grid is also outdated. And these too have become prime targets. Probably one of the best examples of this is the Colonial Gas Pipeline attack, where the CEO ended up making a payment of $4.4 Million.
This outdated OT is also starting to impact another industry, one upon which the entire world is dependent. These are the cargo vessels that transport goods and supplies to all places. This is technically known as the maritime industry.
So far in the news, we have not heard too much about Cyberattacks on these kinds of vessels. But given the increased dependence upon them, they too will become a prized target. Also note that these ships use a myriad of electronic components, primarily to help them with navigation. Some of these include the following:
*Radar
*Electronic Charts
*Engine Monitoring
*The GPS System
One of the other biggest weaknesses facing the maritime industry is that they often still use weak and easy-to-guess passwords. Don’t forget to also take into consideration that these vessels carry hundreds of containers, and there are inherent risks with them also, especially when it comes to physical security.
So, what are some of the Cyber risks that the maritime industry
actually faces? Here is a sampling of them:
1) High economic costs:
Because the OT that is used is so old, simply upgrading it to newer standards will not happen. The primary reason for this is that many of these components are simply not available anymore. If anything, they have to be custom-made, which can take a very long time to achieve. The only other option is to totally gut the old OT and put in a new one. But this would be too cost-prohibitive for the shipping lines.
2) Using the Cloud:
Although the vessels' OT systems might be outdated, as mentioned, they make use of sophisticated electronics to keep them on their course. These devices too can be prone to a Cyberattack. But the good news here is that these kinds of devices should be upgraded, given that they are still new.
3) Password Hacking:
Also as described, cargo vessels still use very weak passwords. Advocates are claiming that it is now time for them to upgrade their process in this regard, and start using a password manager of sorts. It would be even better if some sort of Privileged Access Manager could be put in place, and the Cloud would be a great option for this to happen.
4) Third party risk:
Maritime transportation is of course heavily dependent upon third party suppliers in order to deliver the cargo. So, there is a lot of risk here as well. The need for third party vetting now becomes crucial, but this is far easier said than done. When you consider the literally hundreds of people involved with getting a cargo ship ready, this process would take a long time to complete. Also, it should not be up to the cargo lines to do this. It should be the countries from where they originate that take the ultimate responsibility for this happening.
My Thoughts On This:
IMHO, it may finally be time for these cargo vessels to upgrade their OT systems. But again, this will be a very expensive and time-consuming process. But in the long run, these benefits will outweigh the costs of having to keep repairing and upgrading systems. Also, many Cyber pundits feel that the maritime industry should also adopt the kinds of standards that Corporate America must adopt.
Some of these include:
*Intrusion Detection Systems
*Network Segmentation
*Zero Trust Framework Implementation
*Deploying EDR and XDR systems
*The use of AI and SIEM to keep track of the latest warnings and alerts
More information about the kinds of controls that should be implemented can be seen at this link:
https://www.darkreading.com/ics-ot/4-big-mistakes-to-avoid-in-ot-incident-response
The concern over the security of the maritime industry, from both a physical and a Cyber standpoint, is nothing new. As far as I remember, it goes back even as far as after the 9/11 events took place. But rather than waiting another twenty years to do something, the time to act is now.