The convergence of information technology (IT) and operational technology (OT) networks is accelerating due to the many benefits that come with the union of these two environments.
OT is used to control and monitor critical infrastructure such as manufacturing; power distribution; water, oil, and gas pipelines; sewage systems; wind turbines; and so much more. By connecting to the cloud and taking advantage of the merger of OT with IT, critical infrastructure can be data-driven and remotely operated.
With infrastructure no longer in isolated and standalone environments, connected OT can run infrastructure more efficiently, automatically, and cost-effectively. However, if the infrastructure is dependent on legacy hardware and decades-old software, there is a big problem.
This arrangement opens the door wide to cyberattackers, including those who use Cybercrime-as-a-Service kits readily available on the dark web. Cybercriminals are becoming more skillful and resourceful, and their attacks against OT environments are becoming increasingly common as a result.
Threat intelligence tells us that Linux platforms are in the cybercriminals' crosshairs, but attackers also have their eyes on modern OT sensors and other technology. For example, IT systems running on Microsoft Windows that are connected to OT have big vulnerabilities. Attackers are not targeting OT environments directly, but rather targeting IT, and then leapfrogging or moving laterally into OT environments. This is a fast-growing and frightening worldwide trend.
Taking Advantage of Opportunities
The bad guys are taking advantage of this opportunity because most legacy infrastructure and OT systems weren’t designed and built with cybersecurity at the core. Whether they are part of organized criminal gangs or sponsored by nation-states, attackers seem to have no qualms about targeting OT and causing disruption—even if it can lead to severe devastation and the loss of life.
This vulnerability and these aggressive threat actors are creating a real sense of urgency for the CISOs and IT teams responsible for keeping critical infrastructure safe. To keep things up and running, organizations need to elevate their game to better protect their OT networks. Fortunately, this is also where opportunity knocks and the door can open for the good guys — managed security service providers (MSSPs), come on in!
The Emerging OT Market
Any MSSP that wants to expand its customer base should be taking a hard look at the emerging OT market, which has enormous potential. Many traditional MSSPs are evaluating the OT space and seeing it as a growth opportunity. To be successful in tackling the OT landscape, MSSPs need only take some of their tried and true practices and apply them there.
MSSPs can help IT leaders in these OT verticals better understand what’s at stake. If a data breach in enterprise environments has an average cost of more than $4 million, then that cost for a breach in OT environments can be much higher when you consider manufacturing and supply chain concerns. OT organizations need all the help they can get in securely monitoring and managing OT environments that are typically very diverse and very broad.
A Different Set of Challenges
Currently, the OT cybersecurity market is not overly burdened by a lot of competing MSSPs, so there is a rare chance for service providers to establish themselves early in this emerging market. However, there are challenges that MSSPs must take into account. One of the issues in protecting an OT environment is that it is not like monitoring a PC, where there's a human being in front of a screen who can assist by providing information, responding to requests, and taking action.
With OT cybersecurity, it is often about monitoring devices that are sitting in distant and remote locations on their own—for example, measuring water quantity or quality or temperature—and there's no human being in the vicinity to help if a malfunction occurs and something goes haywire.
Clearly, securing the OT landscape has a different set of challenges with a different set of risk profiles. There's certainly more at stake in a cyberattack on a city's water supply, which happened at a Florida water treatment plant in February 2021 and threatened an entire population, than in a cyberattack on someone's desktop PC that could lead to the takedown of a company.
How MSSPs Can Assist OT Organizations
If MSSPs want to make headway into the OT cybersecurity space, they need to come into the market with a strong philosophy and appropriate solutions. The philosophy should be that OT organizations should be proactive and neutralize attacks instead of continually responding and reacting to events.
To offer the best solutions, MSSPs must partner with a cybersecurity vendor that knows the needs of OT stakeholders and has industry-leading products and services. MSSPs should align with a vendor that can provide a network operations center (NOC) with a set of security operations center (SOC)-centric offers, which include security information and event management (SIEM); security orchestration, automation, and response (SOAR); and artificial intelligence (AI) and machine learning (ML).
AI/ML can automate all the cybersecurity alerts and help CISOs understand over time how their facilities react and perform. Just as important as the technology is the vendor's support: MSSPs would also benefit greatly from a vendor that offers an enablement program that assists in the design, testing, deployment, and lifecycle of their offers.
It's very beneficial for MSSPs to work with a vendor that integrates AI/ML into its solution, but integration with the vendor's threat intelligence service is probably more impactful to an MSSP's success. Vendors that help MSSPs and their clients the most are the ones that bring a depth of intelligence around threat vectors that are being collected globally. A managed security service provider can leverage the data to get better insights into zero-day threats and prepare for potential threats before they're even seen.
As always, the best path to MSSP success is to choose an industry-leading cybersecurity vendor with proven products and services — and one that offers global insights on all aspects of cybersecurity threats. MSSPs expanding into OT security should use centrally managed solutions specifically built for OT that leverage protocol-based services and enable integrations.