Creating and maintaininga definitive view of your Operational Technology Architecture


OT systems are a prime target due to their criticality and the potential impact if these systems are disrupted. As the number and capability of threat actor targeting OT increases, so too does the need for robust cyber security controls.

However, the complexity, scale, and long-standing nature of OT systems often means organisations can lack a holistic view of their environment, which undermines their ability to implement effective cyber security measures. Traditionally, OT networks were isolated (or ‘air-gapped’) from the internet and external systems. However, modern operational demands have led to increased connectivity as networks now integrate with enterprise systems, third-party vendors and cloud services. This makes designing appropriate security controls increasingly critical, to reduce the risks to previously isolated systems.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Navigating Gray Clouds – The Importance of Visibility in Cloud Security

    November 23, 2020

    The cloud is the digital world’s ground zero for transformation, innovation, and agility. Its vastness and power enable enterprises and organizations to keep up with high-resource demands and allow them to access mission-critical data anytime, anywhere. With 85% of businesses worldwide using the cloud to store large amounts of information, it has proven its imperative value, ...

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

    November 17, 2020

    Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against organizations’ industrial ...

  • Information Leakage in AWS Resource-Based Policy APIs

    November 17, 2020

    Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS ...

  • What Is SCM (Security Configuration Management)?

    November 16, 2020

    The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their ...

  • Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends

    October 26, 2020

    Security is an aspect that every enterprise needs to consider as they use and migrate to cloud-based technologies. On top of the list of resources that enterprises need to secure are networks, endpoints, and applications. However, another critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could ...