Date: 2023-06-29

By OT, operational technology, we mean both the hardware and the software dedicated to the control of industrial devices and their processes. It is the technology used in factories and in the manufacturing industry in general, but not only there: OT is also present in energy supply companies and among the suppliers of infrastructure for the Public Administration. Operational technology is now increasingly integrated with information technology; just think of what is happening today with industrial robots, which are governed as IoT devices.

On the one hand, the digitization of OT brings enormous advantages in its management; on the other, it is a thorn in the side, especially when it comes to security. Data and information pass between industrial devices too, with the aggravating circumstance that these are often remotely monitored machines, i.e. not constantly supervised, that are run by obsolete and non-standard software.

Systems belonging to the Operational Technology (OT) category therefore undoubtedly represent an attractive target for both politically and financially motivated attacks. Most OT devices are in fact considered insecure “by design”, since their design assumes that these systems work in protected environments disconnected from the IP network. Starting from this assumption, designers in the past favored functionality and efficiency, often to the detriment of security. Today we can no longer think of securing OT systems by acting only on the network within which they operate. It is more important than ever to treat the OT world as an independent element whose components must be protected against their own vulnerabilities.

The data of the intrusions in the OT market

Because of this, “the OT industry continues to be targeted by cybercriminals at a rapid rate,” says Fortinet’s 2023 State of Operational Technology and Cybersecurity report. In particular, even though the share of companies that have not experienced an intrusion rose sharply year-on-year (from 6% in 2022 to 25% in 2023), there is still significant room for improvement. In fact, three-quarters of OT companies reported at least one intrusion in the past year. Malware (56%) and phishing (49%) were again the most reported incident types, with nearly a third of respondents saying they had been the victim of a ransomware attack in the last year (32%, unchanged from 2022).

To focus on the Italian market, Massimo Palermo, Fortinet Country Manager for Italy & Malta, comments on the data in the latest Clusit report, a fundamental reference for our country. “Attacks in Italy grew by 169% from 2021 to 2022 and the incidence on the global total has gone from 3.4% to 7.6%, which means that Italy continues to be an attractive target. This – continues the manager – means that cybercriminals are perfectly aware of the vulnerabilities of our infrastructural fabric”.

While companies' awareness of the need for greater protection is growing slightly, their reaction is not enough. “In Italy the ratio between cybersecurity spending and GDP is 0.10% – recalls Palermo – keeping our country very far from the other members of the G7. I trust that the investments envisaged by the PNRR can help us climb the rankings, as well as the obligation to comply with the NIS 2 Directive of the European Union on the security of networks and information which provides, among other things, for more stringent interventions”. In short, once again, where the sensitivity and the desire to invest are lacking, the law will oblige companies to make a move.

Effective technologies exist

The excuse of a lack of solutions does not hold up: today more than ever, technological tools are adequate to face the risks even of a sector as particular as OT. The scope is complex, though: again according to the Fortinet report, almost 80% of respondents said they had to manage more than 100 IP-enabled OT devices. The survey results also revealed that cybersecurity solutions continue to contribute to the success of the majority of OT professionals (76%), particularly by improving efficiency (67%) and flexibility (68%).

However, the study data also indicates that the dispersion of solutions makes it more difficult to incorporate, use and consistently apply security rules in an increasingly convergent landscape. The problem is made worse by the aging of the systems: the majority of companies (74%) declared that the average age of their ICS (Industrial Control System) systems is between 6 and 10 years.

“Cybersecurity platforms are the bastion that protects the corporate business – says Palermo –. Today the approach is zero trust, i.e. no trust in accesses and traffic on the corporate network, and there is a need for a strategy that provides for an assessment of digital risks and for deception actions, capable of allowing the threat to be identified and neutralized before it manifests itself, as well as simple detection, i.e. identification when it has already manifested itself. But that’s not enough, we need a corporate culture oriented towards security and total awareness of the vulnerabilities of the IT infrastructure”.

Speaking of critical infrastructures, the aforementioned NIS2 directive can and must be leveraged to make fundamental improvements in IT, OT and IoT security. In addition to deception solutions (capable of reproducing easily attackable decoy systems similar to the real ones), there are many fundamental solutions such as sandboxes (capable of testing files and URLs on virtual systems similar to real ones to understand whether they behave maliciously), secure switch solutions (capable of hiding the elements present in a network), and SIEM (capable of normalizing and correlating all the security events produced by these devices to highlight only the important and real ones).

Regarding the “dispersion of solutions” highlighted by the Fortinet report, Palermo argues that the various security technology manufacturers must collaborate: “an ecosystem approach is needed – confirms the manager –, the market needs alliances, ease of integration between platforms, standards, to have an increasingly cohesive and solid attack surface”.

This statement is even more valid in the market for network-connected industrial devices where, as mentioned, incompatibility, lack of interoperability and the absence of a few recognized standards among management applications are the norm.

Today the cyber battle is played on speed, to minimize the existing asymmetry between attackers and defenders. There is an absolute need to identify and intercept threats as soon as possible, before it is too late and they cause damage to such an important part of the Italian productive fabric.

