What makes operational technology (OT) particularly vulnerable to cyber attacks?

1.2k views, 3 Comments
CISO in Software, 2 years ago
PLCs and other 30-year-old equipment are running Windows CE or Windows 95, which can't be changed. You can't put EDR on them because it doesn't take an agent, so what do you do? You either have to take it off the network, put it in its own VLAN or segment it off the network to keep it from talking to anything. I always hear that the bad guys are just sitting in your network waiting, and it frustrates the heck out of me. That's why I came to Air Gap because we ring-fence every device on the network, and we're doing that for operational technology (OT) environments.

But another factor is that at many manufacturing companies, there's an OT team and an IT team that are in conflict with each other all the time. The OT lead will say, "The IT team doesn't get it because our machines are running protocols that no longer exist in the IT world." OT is running ISA cards in the machines and IT is telling them to upgrade to USB. But OT says, "No, because that will break the manufacturing line and then it will be your fault when production is down." It's an interesting problem to solve: how can we get IT and OT to start working together, or be one group? It's not easy.
1 Reply
VP, Director of Cyber Incident Response in Finance (non-banking), 2 years ago

You often hear that same frustration: why would somebody just be sitting in your network and not doing anything? You’d think that they would be looking around for a way to take action on that endpoint or network. But they could just be an access broker that will wind up selling that access at some point down the road.

SVP in Finance (non-banking), 2 years ago
It’s because there are so many firms using end-of-life products, especially in the manufacturing sector. They can't be upgraded. The software that was developed years ago is no longer in use anywhere, so you can't even ask for an updated patch. They’re just assuming the risk and operating it, which is pretty common these days.
