This week it became public that multiple industrial facilities had interrupted operations due to ransomware attacks.
This led to a disruption of human-machine interfaces (HMIs), data historians, and polling servers, which were no longer able to process data from low-level industrial control systems (ICS). Human operators could no longer monitor processes, but the attack did not affect programmable logic controllers (PLCs) and the targeted organization never lost control of operations.
These were incidents that could have been prevented.
Segregation of IT and OT networks is a crucial security measure. But that is easier said than done…
Sure, you can advocate a complete air gap, but in reality that proves not to be a practical strategy for the majority of companies. Firewalls are the right mitigation against cross-network connectivity. It sounds like a straightforward solution: buy the hardware and licenses, install, and done. Protection is in place! In practice, however, there is much more to managing this critical piece of infrastructure: the firewalls must be industry grade, configured following the default-deny principle and, very importantly, maintained with patching and health assessments.
Make it a periodic activity to review the configuration, policies and rules to ensure that your OT network is still properly separated. CR-Team can assist you with the review and assess your OT network for rogue access points, unauthorized remote access, unmanaged assets, active malware and other flaws in your protection.
Please reach out to us, we secure OT.
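
Part of the periodic rule review described above can be automated. The following is an added example, not code from this page or from CR-Team: it audits an ordered IT/OT boundary rule set for a missing default-deny and for overly broad allow rules. The rule format, zone labels, first-match evaluation, the `max_ports` threshold and both sample rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"
OT = "ot"  # assumed zone label for the control network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    ports: str   # "any", a single port "443", or a range "1024-65535"
    action: str  # "allow" or "deny"


def port_span(ports: str) -> int:
    """Number of ports a rule covers."""
    if ports == ANY:
        return 65535
    lo, _, hi = ports.partition("-")
    return int(hi or lo) - int(lo) + 1


def is_catch_all_deny(r: Rule) -> bool:
    return (r.action, r.src, r.dst, r.ports) == ("deny", ANY, ANY, ANY)


def audit(rules, max_ports=8):
    """Return (finding, rule_name) pairs, assuming first-match evaluation."""
    findings = []
    # Default-deny: the last rule must drop everything not explicitly allowed.
    if not rules or not is_catch_all_deny(rules[-1]):
        findings.append(("NO_DEFAULT_DENY", rules[-1].name if rules else "<empty>"))
    for r in rules:
        if r.action != "allow":
            continue
        if ANY in (r.src, r.dst):
            # A wildcard zone silently includes the OT network.
            findings.append(("ANY_ZONE_ALLOW", r.name))
        elif OT in (r.src, r.dst) and r.src != r.dst and port_span(r.ports) > max_ports:
            findings.append(("BROAD_PORTS_ACROSS_BOUNDARY", r.name))
    return findings


# Constructed sample rule sets (not taken from any real device).
WEAK = [
    Rule("historian-replication", "ot", "it", "1433", "allow"),
    Rule("vendor-remote-support", "any", "ot", "3389", "allow"),
    Rule("legacy-polling", "it", "ot", "1024-65535", "allow"),
]
HARDENED = [
    Rule("historian-replication", "ot", "it", "1433", "allow"),
    Rule("default-deny", "any", "any", "any", "deny"),
]
```

Running `audit` against an export of the live rule set on a schedule turns a drift away from default-deny into a finding rather than a surprise.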