Standards-based defence in-depth cybersecurity for OT

Dataquest organized a webinar on Standards-based defense in-depth cybersecurity for OT. The participants were Aasef Iqbal, Senior Specialist, OT Cyber Security Fortinet, and Farhan Khan, CIO, Radico Khaitan. Sunil Rajguru, Executive Editor, PCQ & CIOL, was the moderator.

Rajguru said that hackers never sleep! Cyber security should be 24/7. There are Covid-19 criminals. Phishing, malware, ransomware have increased during Covid-19. Initially, WHO reported a five-fold increase in attacks. Hackers had videos saying they were providing emergency supplies, surgical masks, medical documents, etc. In certain weeks, there were URL attacks and spam attacks that increased 100-fold.

The attacks moved from network layer to app layer. Every device had to be protected. The threats have increased manifold. Right infrastructure with appropriate tools and controls are required in the offices and homes. There were well-defined response guidelines.

 5G and Industry 4.0 will change everything

 Now, we are building cyber resilience.

Going forward, 5G and Industry 4.0 will change everything. There are smart cities, smart factories, smart cars, smart utilities and all-pervasive IoT devices. The Internet of People is like desktops and laptops. Today, already we have more IoT devices than people on earth.

Aasef Iqbal, emphasized that it is going to be an interconnected world, and there are going to be ripple effects for the attacks. Not just the infrastructure is going to be attacked but the complete connected ecosystem is going to be targeted. He explains what is threat landscape, and what are the Industry standards.

The advanced threats are continuing to adapt. Even advanced threats continue to rely heavily on social engineering. Threat incidents have risen to 6 billion+ in the 2020s. Garmin recently issued a statement on a recent cyber attack. Some industries were affected. The connected infrastructure that Garmin provides was affected. People were not able to utilize the GPS in aviation, automotive, fitness, marine, etc. The attack happened on July 23, 2020. Five days business was lost. The executable was able to decrypt sample files encrypted on the WastedLocker. The hackers demanded $10 million.Another issue is RaaS or ransomware-as-a-service. You can buy ransomware online. Following the Garmin incident, there was a ransomware attack. A US travel management firm was hit with a Ragnar Locker ransomware. The company agreed to pay and handed over $4.5 million in bitcoin. A lot of haggling went on before the final payment. Hackers also recommended some updates for the company.

If such an attack happens on the IT/OT infrastructure of a company, the destruction caused will be huge. The loss incurred to the business due to service outage and damage done to the brand reputation. The trend is becoming more common attacks. The hacker ecosystems revolve around opportunity, intent, and capability. Hackers have the currency. They have an efficient and anonymous communication channel. They are masters of their business. They also know the victim's weaknesses.

34% of organizations outsource the aspects of the ICS/SCADA security. 58% of the organizations have had at least one OT security breach in the past 12 months. Only 10% report never having had an OT security breach.

There are best practices in protecting Industry 4.0 environments. There is the next generation air gap. Each system and sub-system is limited to performing a specific job, applying control. Specific security objectives need to be in place. Know who is lurking on the system, or visibility. Cover for vulnerabilities and threat vectors.

Finally, assume that the system has been compromised. That's the best approach to take. Lastly, adopt a holistic approach to safety, reliability and security. Rely on the industry best practices, policies and standards. Have best practices and guidelines.

Fortinet recommends following ISO/IEC 27001: 2013, ISA/IEC 62443 standards series and NIST cyber security framework for governance, risk and compliance. The approach should be holistic, consistent and gradual. For security architecture, follow TOGAF, PERA, SABSA and EISA.

Fortinet offers a standards-based platform approach. Fortinet uses the Fortinet Security Fabric platform that conforms with the industry standards and offers standard-based defence in-depth cyber security. We have a platform approach to cyber security. There is security-driven networking and zero trust network access.

Fortinet also provides dynamic cloud security and AI-driven security operations. It is how you operate and maintain a technology over the lifecycle.

Do not rely on assumptions. The digital attack surface is perpetually growing with the connected digital infrastructure. Identify the weaknesses in your digital infrastructure. Apply risk-based approach. Devise a holistic cyber security strategy by following industry standards. Choose a platform approach, rather than point products. Cyber security does not end with security zones and conduits. It is a lifecycle. You are recommended to audit your security implementation using industry standard compliant frameworks to identify gaps in the implementation, and for continuous improvement.

Rajguru discussed on RaaS. Is this a passing fad? What is the way out of this?

 Farhan Khan, CIO of Radico Khaitan, said there are sophisticated dacoits, and you have to protect yourself. This is happening all across the social fabric. They are able to come up with certain examples to hack. Covid-19 is not a situation, but a crime. Attacks have increased during Covid-19. Facebook, Google, etc., have granted WFH till October 2021. Aasef Iqbal added that hackers are using crypto mining.

Are ransomware attacks not happening in India? Are the Indian IT professionals able to deflect the attacks. Khan said there are attacks happening in India. There was a server that was attacked. We just cut it off, and that was it.

Which are the countries and industries targeted? Everyone! Will there be sudden move to digitization, and will that lead to more attacks? Yes! The data needs to be updated and stored at safe places. The attacks have increased in multiple ways.