Achieve Your Industrial Control Systems Digital Transformation by Securing Your Legacy Infrastructure

By: Jessica Ohnona

As critical infrastructure sectors drive towards Industry 4.0, they are inevitably opening their organizations up to potential new cyber threats and vectors. Operational Technology (OT) operators now face the arduous task of balancing increasing business demands against security as they implement smart technologies to enhance productivity while retaining the safety and integrity of their cyber-physical assets. While Industry 4.0 offers the promise of improved efficiency, its increased interconnectivity and growing complexity require an equivalent level of cybersecurity awareness.

The power of Artificial Intelligence and Machine Learning (AI/ML) now pervades every aspect of Industry 4.0 and is becoming equally critical in counteracting and mitigating cyber risks. Machine learning as a defense capability for cyber-physical processes has helped to augment productivity by accelerating threat detection and response times. Nevertheless, AI/ML-powered OT cybersecurity solutions have had significant limitations to date: they have been confined to learning within their individual networks, leaving a security gap for operations that rely on both IP-based devices and older serial-connected devices. That was the case until now. You can now close the gap between old and new with IP and serial network intelligence, enhancing security from the highest to the lowest levels of the operational process chain.

As we have seen over the past few weeks, Industrial Control Systems (ICS) are increasingly vulnerable to cyber-attacks as they become more connected to routable networks. To compound the growing problem, the majority of digital transformation initiatives have focused disproportionately on IP-centric technologies and have forgotten about legacy ICS. Ignoring your legacy infrastructure, or inadequately addressing its monitoring and security, will absolutely leave you vulnerable to potential cyber events and attacks. It has been reported that 9 out of 10 organizations across manufacturing, energy and utilities, healthcare, and transportation experienced at least one OT system intrusion in the past year, up 19% from 2019[1].

Here are 5 things to consider regarding your ICS Digital Transformation:

  1. Legacy ICS is still very prevalent. Serial communications for our Critical Industrial Communication Systems are not going away any time soon; a large number of ICS devices still rely on serial communications. As Richard Robinson stated in a blog on IT/OT convergence: “ICS vendors are still manufacturing devices based on serial (legacy) connectivity, meaning serial communications will exist in ICS for decades to come”[2]. Replacing those devices can get very costly, and operators are reluctant to experience downtime in their environments.
  2. Trust serial communications for reliable data. As mentioned in a recent SANS report, “Collection and Analysis of Serial-Based Traffic in Critical Infrastructure Control Systems”, legacy protocols “tell a more accurate story about what plant equipment is being told to do and what it is actually doing”[3]. If you only monitor on the IP level, your system could already be compromised. Serial communications give you a last line of defense to ensure you know what is actually happening in your environment.
  3. Protect your serial communications. TCP/IP cybersecurity platforms do not have true visibility into serial-connected devices. From the SANS report: “these systems can be bypassed, and without looking at serial data, it is harder to tell if the information being reported by these systems is accurate.”[4] Serial communications are not encrypted or authenticated, making them easily susceptible to attacks if not secured.
  4. More connectivity is associated with more risk. Organizations are rapidly connecting IT technologies in their OT environments because of the benefits that come with it, such as increased efficiency, but that brings a lot of risk to your infrastructure. IoT/OT sensors are increasingly being connected to IP networks allowing remote access, which means they can also be attacked over the internet from every point on the globe.[5] Adversaries now have far more ways, tools and tactics available to get access into your system.
  5. Use Machine Learning to detect intrusions in your system. It is important to monitor the IP level, but it is the serial level that will actually tell you what is happening with the physical processes. Cynalytica’s OT OptICS incorporates the power of machine learning to enhance intrusion detection of serial-connected ICS. It will work autonomously to baseline your environment in order to learn how it should behave and will even tell you if there is already something abnormal in your system.

Serial communications need to be monitored instead of being ignored. Legacy infrastructure can now be monitored safely and securely. For more information, please read this blog post on IT/OT convergence: Reducing Cyber Exposure of Legacy Assets.

[1] Fortinet: 2020 State of Operational Technology and Cybersecurity Report

[2] https://cynalytica.com/it-ot-convergence-reducing-cyber-exposure-of-legacy-assets/

[3] https://www.sans.org/reading-room/whitepapers/ICS/collection-analysis-serial-based-traffic-critical-infrastructure-control-systems-40125

[4] https://www.sans.org/reading-room/whitepapers/ICS/collection-analysis-serial-based-traffic-critical-infrastructure-control-systems-40125

[5] https://www.fortinet.com/blog/industry-trends/addressing-the-security-risks-of-digital-transformation-on-iot-and-ot

About the author: Jessica Ohnona is the Executive Vice President of Data Science and Analytics for Cynalytica, Inc.