OT and IoT Security: cybersecurity is increasingly at risk. As Edgard Capdevielle, CEO of Nozomi Networks points out, “What only 10 years ago was an occurrence found once or twice a year now constitutes the new everyday life”: but then, how should we behave in the face of this phenomenon?
OT and IoT Security: a change of mentality
The Chief Executive Officer of the Swiss company says: “Whenever an event such as the recent ransomware attack against Colonial Pipeline occurs, industry experts and vendors scramble to share insights into what could have been done to counter it, or what impact it could have a such violation. But what companies and organizations need it’s changing their attitude to have a post-breach mindset, again
before the violation occurs “.
Then speaking of the corporate attitude, he refers to the fact that in Nozomi Networks, many of the contacts are born right after an attack, when the customer realizes that their networks lacked the visibility necessary to identify the dangerous behavior prior to a violation. .
“In general – he continues – although the importance of visibility and detection are understood, from an economic point of view they are usually considered as if they were insurance. Nobody likes to pay insurance until something bad happens. And that’s why the image below is so popular in the security environment – that’s what happens in reality. “
The post-breach
In this situation, the market needs a unified public, state or governmental approach to how to protect critical infrastructure. Over the years, there has been a lot of talk about how the actions taken do not go at the same pace as the attackers.
It will be imperative to have some very prescriptive steps that suppliers will have to take before it’s too late. There must be a level of emphasis on cybersecurity that we have not seen to date, or attacks like the ones we have witnessed against Colonial Pipeline and Oldsmar Water Plant will be just the beginning. Funding, support and clear guidance will play an important role in making sure critical infrastructure is resilient and secure.
It is said that luck comes from the encounter between preparation and opportunity. In a threat landscape today
increasingly broad and sophisticated, if you adopt a post-breach mentality (and before having experienced one
violation), we can define ourselves extremely lucky.
Critical infrastructures at risk
Too often, critical infrastructure providers, such as water utility companies, do not have sufficient funds, or have not made it a priority of their own to proactively adopt a post-breach approach to secure their networks. A recent article in IWCE’s Urgent Communications summed up the situation well: “The harsh reality is that too many water utilities still have outdated systems and limited visibility into what is happening in their operating technology (OT) environments.”
One of the largest pharmaceutical companies in the world had a thorough audit carried out by a well-known consulting firm and found that one of their biggest shortcomings was network visibility – the most important point in cybersecurity. The company has therefore embarked on a research and evaluation process and is implementing solutions to gain the visibility and security it needs, before it’s too late.
Even in the case of Colonial Pipeline, the first information made available by the company and the coverage given by the press seem to indicate that processes were in place to detect and contain this type of attack.
There will certainly have been a financial impact related to having to take the containment systems offline, but let’s try to imagine the consequences of an attack free from system restrictions and processes in place, which perhaps would have caused the loss of control over the business for a long time: the comparison would certainly make the cost associated with the prior offline commissioning of the system appear to be a simple rounding error.