Written by Danielle Jablanski, OT Cybersecurity Strategist, Nozomi Networks.
As cybersecurity moves into 2023, the trends from the past few years remain firmly in place. Australian organisations are increasingly focused on optimising their use of technology, and on the convergence of operational technology (OT) and information technology (IT). There has been a rapid pace of innovation in these sectors, but with these evolutions security continues to be of utmost importance. In the coming years it will be more important than ever for companies to have a clear understanding of their operational technology assets.
Blending these two sectors has introduced challenges, and has led to enhanced government regulation, in the form of the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022. Organisations are now keenly aware of how little they can tolerate downtime, and cybercriminals have figured this out too.
Critical infrastructure, industrial sectors and hyperconnected facilities are fast becoming lucrative targets for cyber-attackers. For these newly digitalised sectors, disruption can have large knock-on effects to the entire organisation and public at large, and ransom payments have grown to match this new demand. It may soon be illegal to pay out a ransom, but the financial loss from downtime, or the reputational impacts from a data breach, can be just as damaging as the financial payout.
Predicting the future of the operational technology (OT) and industrial control systems (ICS) industries is challenging because data in these fields is often difficult to access. Private, distributed, or paywalled data makes it difficult to make accurate predictions. However, 2023 is likely to be a significant year for these industries, as increased cybersecurity investments will be necessary to protect against ransomware, unplanned downtime, and other potential threats. This is particularly important as a recession could worsen the impact of these threats on businesses.
Converged OT and IT becomes the norm
Going into 2023, businesses are finding the right operating model for OT security, managing with limited in-house skills, and re-working already established IT responses. IT and OT have traditionally been substantially different fields with divergent priorities. For OT, IT teams may not have access to the right OT knowledge to process data in a response or triage situation, whereas OT engineers have this complete knowledge of continuity and safety issues, but don’t necessarily have the IT expertise to understand how to process security data and assess continuity impacts.
These challenges have led to the development of new technologies. A decade ago, intrusion and anomaly detection tools for OT and ICS were only just emerging on the market. Today, cybersecurity is expanding and maturing in new ways. Collaboration with governments and other organisations has seen a more holistic understanding of risks and solutions develop, and this will only continue as new threats appear. IT continuity and risk assessments will extend to OT, perhaps using risk and impact frameworks to develop scenarios that could play out on the industrial side of the business.
The convergence of IT and OT has increased over the last few years and will become the norm. Understanding this, several cybersecurity companies which traditionally have served IT are entering the OT cybersecurity market. Market analysis is predicting a major boom, and the current leaders in the market are set for a crowded table in 2023. The biggest drivers of this demand? Detection, digital transformation, operational resiliency, interoperability, governance and standards.
ICS will continue to be a lucrative target for hackers
Cyber threats will continue to rise. ICS are not immune from the severity of cyberattacks, demonstrated in 2022 with INCONTROLLER. The attack was fortunately thwarted before any incident, but as only the fourth attack featuring malware targeting ICS, the rare and serious nature of this capability demonstrates that industrial operations will continue to be targets in the future, and response tools need to improve to keep pace. With growing integration of ICS into organisation-wide networks, the profitability of an attack has increased, as has the surface area for vulnerabilities.
Governance will set new precedence
Both private and public sector worked on internal governance in 2022, and the collaboration with the private sector will provide greater situational awareness, and better analysis of industries at risk in 2023. Internal governance will work to further build asset inventories, delegate security responsibilities, and bring OT and IT under one umbrella.
Federal government regulation expanded in 2022, and this is likely to continue in 2023. The 2022 amendments to the Security of Critical Infrastructure Act (SOCI) introduced mandatory reporting of assets and cybersecurity incidents with the aim of providing organisations with the resources of a government organisation, and ensuring critical infrastructure is secure for national security. To date, government responses have adapted to threats as they arise, but the new SOCI amendments legislate a proactive approach, and have built in a strategy for the next few years.
Innovative analysis will set solutions apart
As we move into the future of OT cybersecurity, innovation in the ability to provide situational awareness with trust and verification will be crucial. Many organisations have tools that can gather and store data, but they often fail to analyse that data in order to improve their mission. Simply having and storing large amounts of data is not enough for effective risk mitigation. That’s why solutions specifically designed for OT and ICS environments will continue to be important in fixing security gaps and improving security controls.
Behavioural analysis and anomaly detection can play a key role in enhancing threat intelligence and overall security postures for network operations. Anomaly detection can alert on deviations from normal communications patterns, as well as variables within processes such as sensor readings and flow parameters. By combining this process data with communications data, we can gain actionable intelligence that informs security procedures and reduces overall risk.
The receipts
In Australia and around the world, the importance of protecting critical infrastructure and building resilience across industrial sectors and hyperconnected facilities is becoming increasingly clear. Governments, public-private partnerships, insurance providers, and international organisations are all recognising the need for robust cybersecurity measures in the face of growing threats. In the coming year, trust and verification will be more important than ever for OT cybersecurity stakeholders, who are concerned with everything from physical safety and environmental impacts to the provision of goods, services, and resources. As we move into 2023, it’s likely that we’ll see a greater emphasis on ‘showing the receipts’ and providing proof of the effectiveness of cybersecurity measures.
