Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

Operational technology systems require a robust Zero Trust strategy in 2024

Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42 in its 2023 Unit 42 Extortion and Ransomware Report.

Attacks against OT systems can have a significant impact, including physical consequences such as shutdowns, outages, leakages, or worse. The Colonial Pipeline attack in 2021 is one of the most well-known examples of a major OT attack; it prompted a temporary shutdown of nearly half the gasoline and jet fuel supply delivered to the East Coast. That led to fuel shortages and price hikes.

Why is this sector at such risk? There are several factors, which we’ll explore in this piece. The good news is that a Zero Trust approach can go a long way toward helping organizations take back control and develop a more robust security posture.

How we got here

With the rise of digital transformation, we’ve seen the increased convergence of IT and OT systems. As a result, OT systems that were previously isolated are now connected and therefore accessible from the outside world, making them more at risk of being attacked.

Another factor that has increased the security risks in this sector is that critical infrastructure often relies heavily on legacy systems. This means many systems are running older, unsupported operating systems. They weren’t designed with cybersecurity considerations in mind, and they can’t be easily patched or upgraded because of operational, compliance, or warranty concerns.

Manufacturers also face a lack of skilled employees who can manage these converged environments. An August 2022 survey by the National Association of Manufacturers found that three-quarters of respondents named attracting and retaining a quality workforce as one of their top business challenges. Finding people with cybersecurity expertise is an ongoing challenge – with (ISC)² putting the global cybersecurity skills gap at 3.4 million people – and finding people with both security and OT knowledge is even more difficult.

The rise of ransomware and increased regulations

Not only are manufacturers grappling with the above trends, but they’re also under constant pressure to keep operations up and running. A ransomware attack on a factory can cripple a business’s ability to produce products, leading to days if not weeks of downtime and, with it, financial loss.

Bad actors are increasingly seizing this opportunity. In fact, manufacturing has become the second most targeted sector in Unit 42’s client base for ransomware attacks.

On top of manufacturers being a target for ransomware and other cyberattacks, governments have noticed the exposure manufacturers face and have imposed more regulations. Most notably, as of December 18, the Securities and Exchange Commission will now require larger publicly traded companies to report a cyber incident within four days, a regulation that puts even more pressure on companies to be ready to understand and act fast. This applies not just to manufacturing companies but to all publicly traded companies.

Starting with a foundation built on Zero Trust

Manufacturers have multiple environments to protect that run on different operating systems and applications. There are OT devices and networks (for example, the factory floor). There are remote operations. And there are 5G-connected devices and networks at the cutting edge of deployments. Neither IT nor OT managers have tools that offer visibility into all of the different environments, applications, systems, and devices.

Without visibility, it’s pretty much impossible to know if there are vulnerabilities within any of these devices. This, coupled with the difficulties in operating excessively complex systems, creates exponential risk from threat actors, often with the threats outpacing the ability of the technology teams to prevent attacks. Ransomware works in manufacturing because the Windows-based operational controls are largely identical to those found on the business side of the house.

A Zero Trust approach – especially at the higher architectural layers of a factory where OT and IT first converge – can help solve many of these issues. Zero Trust is predicated on a simple concept – trust no one. It’s a strategic approach that eliminates implicit trust and continuously validates every stage of a digital interaction to secure an enterprise. By implementing a Zero Trust strategy, you apply security to users, devices, applications, and infrastructure in the same consistent manner, across the entire organization. A Zero Trust framework makes it easier to secure all of the different environments within a manufacturer.

Think of Zero Trust as a framework that includes the following principles/steps:

  1. Gaining visibility of all assets – and their inherent risks. Broad visibility that includes behavioral and transaction flow understanding is an important step to evaluate risk and also to inform the creation of Zero Trust policies.
  2. Applying Zero Trust policies. These include least-privilege access and continuous trust verification, an important security control that greatly limits the impact of a security incident. This must include continuous security inspection, which ensures transactions are safe by stopping threats without affecting user productivity.
  3. Making it simple to operate. Don’t throw multiple point solutions at every environment. This creates more complexity, costs more, and can ultimately leave security gaps. You need to ensure a seamless experience and integration with your IT team.

A Zero Trust approach plays a central role in helping OT organizations remain operationally resilient, reduce the potential attack surface, and minimize new or expanding risks brought on by digital transformation. The reality is that OT is likely to continue to be a major target for bad actors in the foreseeable future. And for most organizations, there will be a constant struggle to find and retain talent with the right skills. These are almost inevitable factors, as is the continued convergence of IT and OT. IT leaders working in OT have a unique set of challenges, and it can certainly feel like an uphill battle at times, but starting with Zero Trust provides the foundation for creating a stronger, better security posture now.


Category: News
December 5, 2023