This is part 1 of a 2-part article about the 3-phase approach to OT zero trust.
As digital transformation progresses and more connected, more powerful technologies are introduced, cybercriminals and security specialists constantly develop new forms of attack and defense. Threats to OT are generally considered to date from 2010, when the Stuxnet worm compromised programmable logic controllers (PLCs) in Iranian nuclear power plants. From there, attackers were able to send commands that destroyed what a Dec. 22nd, 2010 report from the Institute for Science and International Security estimates to be 1,000 centrifuges. That would have been about a fifth of Iran’s centrifuges lost in a single cyber incident.
After the Stuxnet attack it became the new normal for state-sponsored actors to attempt similar attacks on critical infrastructure organizations. The picture changed again in 2017, when a worm called WannaCry caused widespread operational havoc and malware based on the same “EternalBlue” SMB vulnerability became extremely common. By viciously striking at weak points like the EternalBlue vulnerability, bad actors seek to terrorize organizational heads into coughing up fat ransoms for the return of their assets – this extortion cycle is the fundamental pattern of cyber crime.
As of 2020 and 2021, these kinds of customized and targeted attacks have become commonplace. All cyber attacks have one factor in common: exploitation of excessive trust. Modern ransomware is often brought to the shop floor through channels that are assumed to be trustworthy, such as an official update from a vendor or service provider that attackers have managed to infect, or a long-time employee (intentionally or unintentionally) carrying in an infected laptop. Preventing such incidents requires comprehensive cyber defenses that can stop these infections, and traditionally comprehensive cyber defenses demand resources and maintenance that operational technology environments cannot support.
The OT zero trust methodology makes policy more flexible and easier to understand, simplifies oversight by restricting unnecessary communications and communication channels, and minimizes the need for maintenance. This stops most threats before they happen, and if an attacker or a piece of malware does gain access to the system, its privileges are limited so that the incident is contained.
To create an OT zero trust foundation:
Phase 1: Scan inbound devices.
Phase 2: Activate endpoint defenses.
Phase 3: Zero out network trust.
Next week, we’ll take a closer look at each of these three phases.