Ever since the US government’s now-infamous Stuxnet campaign, cyber assets have represented a way for governmental and for-profit threat actors to worm their way into the defenses of essential operations.
Nowadays, Operational Technology (OT) networks are bigger and better-connected than ever.
As a result, attackers are seeking new ways in, whether via the programmable logic controller (PLC) or the graphical controls of a human machine interface (HMI). The zero-trust network access (ZTNA) approach now securing IT offers promising returns for OT and Internet of Things (IoT) security as well.
Throughout the development of IoT and OT, these devices have historically enjoyed greater safety simply by remaining air gapped and offline.
In the last half decade or so, however, OT has evolved into cyber-physical systems: smart systems that make up an ever-interacting map of physical and compute devices. Across healthcare, smart factories, and city infrastructure, these highly complex systems make the world go round. It’s in medical systems – supporting high-risk pregnancies with sensors that relay data back to the hospital in real time – and city infrastructure – detecting structural changes within the electrical grid with fiber optic sensing.
In the background of OT becoming internet-connected, another factor has become important: international conflict. With geopolitical tensions rising, governmental actors are now able to unleash attacks directly on critical infrastructure.
This has been exemplified by a rash of recent attacks focusing on wastewater treatment facilities. November 2023 saw the Iranian cyber group ‘CyberAv3ngers’ target a PLC-HMI system manufactured by Unitronics, an Israeli PLC manufacturer. By first obtaining visibility into internet-connected OT devices, these threat actors were then able to identify which of these were vulnerable, and which were critical to water treatment facilities.
Because of Unitronics’ popularity in the OT supply chain, this essentially acted like a supply chain attack. So, several thousand miles from Iran, a water plant in Aliquippa, Pennsylvania, suddenly went down.
In this case, the affected PLC-HMI had disrupted the pressure regulation pumps.
The Aliquippa plant wasn’t the only one: at the same time, the industry reported similar outages across the world. As the targeted equipment had a graphic interface, the attackers had created a custom message to display upon attack completion: all equipment made in Israel is a target.
In early 2024, pro-Russian threat actors followed suit, unleashing their own versions of minor cyber nuisances.
Maxing out setting values, turning off alarm processes, and changing admin passwords led to a few victims in the US seeing minor tank overflow events. CISA’s advisory on these incidents identifies one key similarity between all targets: all of them were internet-connected and had weak sign-in settings.
At its core, zero trust access is about knowing what’s on your enterprise network. On a basic level, a corporate network overview needs to include every OT and IoT device, alongside which private network they’re connected to.
Asset discovery is achieved through two main techniques: active and passive.
Active asset discovery demands a node or appliance that has secure access to all OT network areas and regularly queries all connected devices. Passive asset discovery, on the other hand, sets up nodes that listen to the communications occurring between OT components.
Both of these approaches then funnel all information gained into a central database. Unlike IT, however, OT systems are often incredibly delicate, running on legacy hardware with long lifecycles. This means that active asset discovery may not be suitable for every single device.
Furthermore, it’s often impossible to install agents or software directly onto OT devices. This is why network-based segmentation is so vital for protecting OT assets.
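To make the passive approach concrete, here is an added example (not Perimeter 81 code, and not from any vendor product) of what a listening node feeds into the central database. It assumes the sensor exports simple five-tuple flow records; the records, the two private segments, and the port-to-protocol map are all constructed for illustration. The inventory it builds answers the two questions the text raises: which devices are on which private network, and which OT servers have been reached from outside the known segments (the internet-exposure finding CISA highlights above).

```python
"""Passive OT asset discovery over constructed flow records (added example)."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Well-known OT/ICS service ports used to label what a device serves.
OT_SERVICES = {
    502: "Modbus/TCP",
    102: "S7comm (ISO-TSAP)",
    20000: "DNP3",
    44818: "EtherNet/IP",
    4840: "OPC UA",
}

# Private network segments the listening node knows about (constructed).
SEGMENTS = {
    "plant-floor": ip_network("10.10.0.0/24"),
    "scada-dmz": ip_network("10.20.0.0/24"),
}

# Constructed flow records: (timestamp, src, sport, dst, dport).
# Direction is client -> server as observed by the passive sensor.
FLOWS: List[Tuple[str, str, int, str, int]] = [
    ("2024-03-01T08:00:01", "10.20.0.5", 50231, "10.10.0.11", 502),
    ("2024-03-01T08:00:02", "10.20.0.5", 50232, "10.10.0.12", 502),
    ("2024-03-01T08:00:05", "10.20.0.5", 50240, "10.10.0.20", 102),
    ("2024-03-01T08:01:00", "10.20.0.7", 41000, "10.10.0.11", 502),
    ("2024-03-01T08:02:00", "203.0.113.9", 60000, "10.10.0.11", 502),  # outside client
    ("2024-03-01T08:03:00", "10.10.0.11", 34000, "10.20.0.50", 53),
]


def segment_of(ip: str) -> str:
    """Map an address to a known private segment, or 'external' if none match."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def build_inventory(flows) -> Dict[str, dict]:
    """Return {ip: {segment, serves, talks_to, external_clients}} from flows.

    A device is recorded as serving a protocol when it is the destination
    of a flow to a well-known OT port; the sensor never sends a packet.
    """
    inv: Dict[str, dict] = {}

    def entry(ip: str) -> dict:
        return inv.setdefault(ip, {
            "segment": segment_of(ip),
            "serves": set(),
            "talks_to": set(),
            "external_clients": set(),
        })

    for _ts, src, _sport, dst, dport in flows:
        s, d = entry(src), entry(dst)
        proto = OT_SERVICES.get(dport)
        if proto:
            d["serves"].add(proto)
        s["talks_to"].add(dst)
        if s["segment"] == "external":
            d["external_clients"].add(src)
    return inv


def ot_servers(inv: Dict[str, dict]) -> List[str]:
    """All devices observed serving at least one OT protocol."""
    return sorted(ip for ip, e in inv.items() if e["serves"])


def internet_reachable_ot(inv: Dict[str, dict]) -> List[str]:
    """OT servers that received traffic from outside every known segment."""
    return sorted(ip for ip, e in inv.items() if e["serves"] and e["external_clients"])


if __name__ == "__main__":
    inventory = build_inventory(FLOWS)
    for ip in ot_servers(inventory):
        e = inventory[ip]
        print(f"{ip:14} {e['segment']:12} serves={sorted(e['serves'])}")
    print("reached from outside known segments:", internet_reachable_ot(inventory))
```

Because the sensor only listens, the same code is safe to run against the delicate legacy devices the text warns about; the price is that a device that never talks during the capture window never appears, which is why the two techniques are usually combined.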
Rather than relying on basic credential input, ZTNA takes the entirety of a device’s posture into account before granting access. This device posture validation process is crucial to the idea of microsegmentation: rather than assuming trust from a user’s VPN login, any OT login attempt is funneled via a ZTNA solution that assesses whether a user’s device matches every expected attribute.
This can include certificates, location, and behaviors.
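As an added illustration of that posture check (example code, not Perimeter 81’s implementation), the evaluator below scores a connecting device on the three attribute classes just named: certificate, location, and behavior. The posture fields, the policy, and the two sample devices are constructed; a real ZTNA broker would populate them from the endpoint agent, the identity provider, and its own session history. The point it demonstrates is the one in the text: a valid password alone does not open the door, and the reasons for a denial are explicit.

```python
"""Device posture validation for an OT access request (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Set


@dataclass
class DevicePosture:
    """Attributes a ZTNA broker collects about the connecting device (constructed)."""
    device_id: str
    cert_issuer: str          # issuer of the device's client certificate
    cert_not_after: datetime  # certificate expiry, UTC
    country: str              # geolocation of the connecting device
    os_patched: bool          # endpoint agent reports patches current
    failed_logins_24h: int    # behavior signal from the identity provider
    login_hour_utc: int       # hour of this attempt


@dataclass
class AccessPolicy:
    """Expected attributes for a device allowed to reach OT assets (constructed)."""
    trusted_issuers: Set[str]
    allowed_countries: Set[str]
    max_failed_logins: int = 3
    require_patched: bool = True
    work_hours_utc: range = field(default_factory=lambda: range(6, 20))


def evaluate_posture(p: DevicePosture, policy: AccessPolicy, now: datetime) -> List[str]:
    """Return the list of failed checks; an empty list means the device passes."""
    failures: List[str] = []
    # Certificate checks
    if p.cert_issuer not in policy.trusted_issuers:
        failures.append("certificate: untrusted issuer")
    if p.cert_not_after <= now:
        failures.append("certificate: expired")
    # Location check
    if p.country not in policy.allowed_countries:
        failures.append("location: country not allowed")
    # Endpoint hygiene
    if policy.require_patched and not p.os_patched:
        failures.append("posture: OS not patched")
    # Behavioral checks
    if p.failed_logins_24h > policy.max_failed_logins:
        failures.append("behavior: too many failed logins")
    if p.login_hour_utc not in policy.work_hours_utc:
        failures.append("behavior: login outside work hours")
    return failures


def grant_access(p: DevicePosture, policy: AccessPolicy, now: datetime) -> bool:
    """Access is granted only when every posture check passes."""
    return not evaluate_posture(p, policy, now)


# Constructed policy, clock, and sample devices.
POLICY = AccessPolicy(trusted_issuers={"Corp Device CA"}, allowed_countries={"US"})
NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)

COMPLIANT = DevicePosture(
    "hmi-laptop-01", "Corp Device CA", datetime(2025, 1, 1, tzinfo=timezone.utc),
    "US", True, 0, 9,
)
# Correct password, but the device certificate lapsed: still denied.
STALE_CERT = DevicePosture(
    "hmi-laptop-02", "Corp Device CA", datetime(2023, 12, 31, tzinfo=timezone.utc),
    "US", True, 0, 9,
)
UNKNOWN = DevicePosture(
    "unknown-42", "Self-Signed", datetime(2023, 1, 1, tzinfo=timezone.utc),
    "XX", False, 7, 3,
)

if __name__ == "__main__":
    for dev in (COMPLIANT, STALE_CERT, UNKNOWN):
        verdict = "ALLOW" if grant_access(dev, POLICY, NOW) else "DENY"
        print(dev.device_id, verdict, evaluate_posture(dev, POLICY, NOW))
```

Returning the full list of failures rather than a bare boolean is deliberate: it gives the administrator the audit trail the later section on logging relies on, and lets a denied user be told which attribute to fix.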
Alongside solving the authentication issue for OT, ZTNA tools make all network and application infrastructure invisible to the wider internet by creating outbound-only connections. This directly cuts off the attack method seen in this year’s exploitation attempts, where attackers discovered vulnerable ports through the public internet.
Zero Trust places the principle that users may not have good intentions or maintain proper security hygiene front and center. To support this, Perimeter 81 integrates with your pre-existing identity provider, and grants full visibility into activity monitoring and logging across all network-connected devices.
Not only do administrators have access to network activity logs, but Perimeter 81 further integrates with cloud logging and SIEM services like Amazon S3, Splunk, and Azure Sentinel for enhanced reporting and analysis.
Because of this, your IT and OT devices can be centralized across a single platform, drastically speeding up resolution times and maintenance. Day-to-day operations become faster as well, as remote workers are able to securely log on and verify their access with dedicated, global infrastructure.
Get in touch with Perimeter 81, and reach new heights of network security in minutes.