An isolated OT is not a secure OT
Discover what risks the OT may pose to itself and to the enterprise
We have always been led to believe that the best way to secure a network, a system, or a subnet is to isolate it from the rest of the network. In short: disconnect it.
Also, we tend to believe OT subsystems are immune from threats because threats will only originate from the enterprise or upstream networks.
Both of these statements are wrong because they rest on the same basic assumption: that cyber attackers can only cause significant damage by exploiting systems from external networks. The biggest risk here is that overconfidence in the drastic measure of “disconnecting”, or in a “classic” data diode deployment, leads us to neglect the additional measures that provide true defense-in-depth.
There are many reasons why this assumption, that an isolated Industrial Automation and Control System (IACS, more commonly called OT) is safe on its own, does not hold:
- IACS are typically 24/7 operations, where little to no attention is placed on the network. During hours when staff is limited, focus on network anomalies is even less.
- The threat—the ransomware, virus, or cyber attack—doesn’t necessarily have to come from an external network. Since maintenance may involve different contractors and staff, a compromised laptop, SD card, or USB stick plugged into the system may suddenly and unexpectedly trigger a series of events that lead to catastrophe.
- Even if physical access to the network is not allowed, the threat could lie within the equipment itself. IACS are complex ecosystems made up of multiple devices from multiple vendors, most of which rely on powerful CPUs and open source software. A device that arrives “out of the box” with compromised code (perhaps triggered by a specific event, or activating itself on a specific date and time) is enough to cause serious damage.
So, yes, protected with a typical data diode, your network may be isolated from the outside world, but it still won’t be safe.
This is where BlackBear can help. Our patented technology not only introduces physical isolation between your IACS and the IT/enterprise side to protect your operations, but also applies physical packet inspection to prevent your operations from contaminating the IT side, thus protecting the OT from itself.
Furthermore, whenever an anomaly is found, our solutions generate a warning to your security assessment center so that your organization may react swiftly to any danger posed from within.