1 Executive Summary
Operational Technology (OT) is a term that encompasses computing equipment deployed in diverse environments such as factories, warehouses, cities, power generation and distribution facilities, water treatment plants, vehicles, etc. Industrial Control Systems (ICS), a subset of OT, include sensors, Programmable Logic Controllers (PLCs), and Human-Machine Interfaces (HMIs). OT systems can include specialized equipment provided by hardware manufacturers as well as more traditional IT servers, desktops, laptops, and tablets. In this paper, we will focus mainly on ICS.
ICS environments are at risk of targeted attacks by APT actors and cybercrime groups. APT actors are generally involved in espionage operations, denial of service, or campaigns to destroy data and equipment. Cybercriminals' weapon of choice is most often ransomware, and they may purposely or inadvertently infect ICS environments. Regardless of the type of actor or the malicious techniques used, the consequences can be very serious for the victim organization: production outages, power outages, spoiled goods, loss of trade secrets and other critical information, and even the destruction of computing and control equipment are a few examples.
Innovations in data analytics technologies can be harnessed in ICS environments to better understand loads and customer demands, expedite production and deliveries, speed up Just-in-Time supply chains, facilitate predictive maintenance, and more. Access to many of these tools requires communication with enterprise IT components. Opening the door between OT and IT offers the possibility of productivity gains, increased revenue, expense reduction, and better value for customers. However, such connectivity can exponentially increase risks.
On the positive side, advances in IT security technology and tooling made over the last decade or so can be brought to bear against adversaries in ICS environments. Network Detection & Response (NDR) and Distributed Deception Platforms (DDP) are two types of security solutions that can be used to improve the security posture of organizations that operate ICS technologies. Both NDR and DDP are evolving toward XDR, or eXtended Detection & Response. Many solutions in the NDR, DDP, and emerging XDR space understand the device types, protocols, and topologies used in the most common ICS deployments.