Industrial networks are increasingly connected, providing real-time data but also opening the door to cyber threats migrating from IT to OT systems. The May 2021 pipeline ransomware attack [1] led the TSA to introduce a security directive mandating that critical pipeline owners and operators implement several cybersecurity resilience measures. If your clients missed the Oct. 25, 2022, deadline to submit a Cybersecurity Implementation Plan for TSA approval, keep reading.
Traditional security approaches can’t safeguard your clients’ converged IT/OT networks. Nation-states and criminal groups are employing more sophisticated tactics including:
· Spearphishing to obtain initial access to the organization’s IT network before pivoting to the OT network
· Deploying commodity ransomware to encrypt data for impact on both networks
The destructive impacts of these attacks are far-reaching and can result in significant financial losses for your clients. It’s no surprise that the number one concern of senior cyber leaders globally is infrastructure breakdown due to a cyberattack. [1]
Fortinet’s 2022 State of Operational Technology and Cybersecurity Report reveals that organizations are still moving too slowly toward full protection of their operational technology (OT) assets. With 93 percent of OT organizations experiencing an intrusion in the past year and 78 percent of them experiencing more than three intrusions, you must act swiftly to strengthen your clients’ OT security postures.
Leveraging the NIST Cybersecurity Framework
To enhance pipeline cybersecurity, Fortinet's OT security experts suggest that CISOs and their advisors adopt NIST's Cybersecurity Framework. This framework comprises five functional areas, or pillars, that collectively elevate cybersecurity maturity, compliance and resilience.
NIST Pillar 1 – Identify
This includes identifying the data and systems that need to be protected.
NIST Pillar 2 – Protect
A key element in this area is inventory and access control. Here, you establish and enforce unique accounts for each individual user and administrator, establish security requirements for certain types of privileged accounts and prohibit the sharing of these accounts.
NIST Pillar 3 – Detect
This pillar begins with having the ability to detect suspicious events and anomalies. You must also establish technical or procedural controls for cyber intrusion monitoring and detection.
NIST Pillar 4 – Respond
To comply with this pillar, you must have tools and processes in place to monitor, respond to, and mitigate threats.
NIST Pillar 5 – Recover
In the event an attack penetrates your clients’ networks, you must develop a game plan to recover as quickly as possible. This may include recovering data from backups, regaining control of workstations, or spinning up parallel devices.
Using the NIST Framework can help your security teams identify and prioritize actions for reducing cybersecurity risk within your clients’ networks. It can be used to manage cybersecurity risk across entire organizations, or it can be focused on the delivery of critical services within an organization.
Visit us online at www.fortinet.com/OT to learn how you can create and deploy an OT security initiative that exceeds TSA compliance mandates.
Sources:
1. https://www.weforum.org/agenda/2022/05/securing-systemically-important-critical-infrastructure/