Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

When It Comes to Your Drinking Water, How Safe Is Your Operational Technology?

When It Comes to Your Drinking Water, How Safe Is Your Operational Technology?

The recent intrusion of a Florida water-treatment plant highlights the need for strong protection of industrial control systems. Here's what you should consider.

This past Friday, in Oldsmar, Florida, an eagle-eyed technician at a water purification plant noticed a chemical change setting to the water supply. With a quick response, the technician found that remote access was made to the operational technology (OT) network in charge of purifying the water, and the unknown intruder had increased the amount of sodium hydroxide, essentially lye, from 100 parts per million to potentially harmful levels of 11,100 ppm. If not for the quick response of the technician, there could have been a direct impact to the lives of people in Pinellas County who rely on the safe delivery of this water as a drinking source. 

While in this case, the potentially calamitous, unauthorized change to the OT network was quickly detected and resolved before any damage to the public occurred, this is not always the case. Unfortunately, over recent years, OT networks have seen a dramatic uptick of security incidents. 2020 global events only accentuated the security challenge, forcing companies to “open up” their network for remote access to quarantined or otherwise limited personnel. These factors, along with technological advances such as the convergence of IT and OT environments and the rapid adoption of IoT technology, have further expanded OT attack surfaces and vectors, making industrial environments into prime targets.

For most industrial organizations, the need for vigilant security is nothing new. Threat vectors and the security forecast is constantly evolving given emerging threats. The convergence of IT and OT operations, whether planned or unplanned, is in almost all cases a reality. Setting the appropriate safeguards will help ensure secured operations for your organization and will give OT operators the tools needed to safeguard critical infrastructure. What should you consider?

Visibility that extends beyond traditional borders

Until only recently, IT security and OT infrastructures inhabited completely different worlds, thus the ability to see into either environment was bifurcated along these lines. Modern-day attacks are amorphous and travel across the traditional IT and OT security borders, as was evidenced in this most recent incident. Our ability to track these types of propagation routes requires the de-siloing of traditional visibility parameters. Being able to gain a single view of IT and OT, along with the conversations happening between the two worlds, is essential. This holistic view can help illuminate potential attack vectors and asset blind spots that may have eluded traditional security strategies.

Deep situational analysis

Whether or not an OT environment is converged, it is important to recognize the significant difference in IT and OT life cycles. While IT infrastructures update regularly, OT infrastructures often persist for years, even decades. It is not uncommon for an OT infrastructure to be as old as the plant itself. The result is that a full inventory of assets, along with maintenance and change management records, may not be current. Therefore, crucial data may be missing, including important details such as model number, location, firmware version, patch level, backplane detail and more. Since it is impossible to secure assets that you may not even know exist, having a detailed inventory of your OT infrastructure that can be automatically updated as conditions change is essential to protecting your industrial operations.

Reduction of cyber risk

When it comes to modern OT environments, cyberthreats can originate from anywhere and travel everywhere. Therefore, it is important to utilize as many capabilities and methodologies as possible to find and mitigate exposure risk. This includes network-based detection that:

  • Leverages policies for allow- and block-listing capabilities
  • Anomaly-based detection that can find zero-day and targeted attacks and is predicated on baseline behaviors unique to your organization
  • Open-source attack databases, such as Suricata, that centralize threat intelligence from the greater security community, bringing together more eyes on any potential threat to yield significantly better security response

Since most attacks target devices rather than networks, it is essential to utilize a solution that actively queries and provides security at the device level. Because OT device protocols can vary widely, security and health checks must be unique to the make and model of the device, including the device language. These deep checks should not scan but rather be precise in query nature and frequency.

In 2020, over 18,300 new vulnerabilities were disclosed, affecting OT devices as well as traditional IT assets. However, less than half of these vulnerabilities actually had an available exploit. Gaining a full awareness of the vulnerabilities that are relevant to your environment, along with a triaged list of exploitable vulnerabilities and critical assets, will enable you to prioritize the threats with the highest risk score, thereby dramatically reducing your cyber exposure profile.

Knowing when changes happen

The core of any OT infrastructure is the programmable logic controller, or PLC, that controls the industrial or manufacturing process. In the case of water purification, the PLC orchestrates the delicate process of ensuring the appropriate mix of chemicals that renders drinking water safe. 

Attacks architected against industrial control systems (ICS) consist of making an unauthorized change to a PLC. Configuration control creates a snapshot or papertrail to highlight a delta before and after a PLC change. By taking snapshots at regular intervals, you get visibility into such changes, how they were made and by whom. Configuration control can provide a full audit trail and give ICS administrators the intelligence, insights and ability to roll back to a “last known good state” if someone actions sub-optimal or unauthorized changes to a PLC.

OT environments are core to the operation of nearly all critical infrastructure and manufacturing facilities. They have grown more sophisticated and interconnected over time, producing and manufacturing essential goods and services to exacting standards. Our need to secure these critical environments against threats is as important, if not more, than securing our IT infrastructures which are connected to them. Gaining visibility, security and control over OT environments is crucial – lives literally depend on it. 

For more information on implementing these OT safeguards, check out the whitepaper, Secure Industrial Control Systems With Configuration Control.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.