Security in operational technology
Jalal Bouhdada, founder and principal ICS Security Consultant for Applied Risk, offers some thoughts on operational technology (OT) security trends for 2018.
Following an upsurge of Internet of Things (IoT) devices being utilised in industrial environments and critical infrastructures, OT security needs to be given top priority.
The following are some of the top security trends that I am watching out for this year:
* Wireless: a major attack inevitable - Perhaps the single most unsettling piece of news in 2017 was that the ubiquitous WiFi security protocol, WPA2, has a fundamental flaw which is unlikely to be addressed in the majority of WiFi enabled devices. The challenge in 2018 is that the use of wireless communications, including Low Power Area Networks, will continue to grow in line with IoT device deployments. This will result in a far greater OT attack surface which is not being adequately protected with second and third lines of defence. A high-profile malware attack is probable.
* The skills shortage will drive security automation - It’s been predicted by Frost and Sullivan that the shortfall of skilled security professionals compared to the market needs could be as high as 1.5 million by 2020. This will drive investment in alternative service models for the security industry, and we expect to see innovative new products and processes based on artificial intelligence for both monitoring and testing to safeguard industrial environments.
* Advanced persistent threats will infiltrate more OT environments - As the Industrial IoT grows, in terms of both device numbers and data volumes, the challenge of detecting and closing down advanced persistent threats (APT) becomes harder to achieve. Even relatively well understood and straightforward techniques, such as data exfiltration over DNS, remain stubbornly easy to exploit. Investments in knowledge sharing and networking monitoring are not yet at the scale required to fight APTs effectively.
* Security-by-design will start to improve ICS security - The good news is that heightened awareness of security issues in critical environments is having an effect. More teams are integrating ‘security-by-design’ into their development cycles for industrial control systems, creating products that take into account current and future threat concerns. There is still a long way to go to make this the norm, but legislators around the world are building strong regulations and frameworks which penalise security weaknesses.
Source: Control Engineering Europe - All Articles