Eight OT Cybersecurity Predictions for 2020 


Cybersecurity experts from PAS share their 2020 predictions for industrial facilities. Check out the top trends and cyber threats Jason-Haward Grau, PAS CISO, and Mark Carrigan, PAS COO, are expecting to ring true in the new year. 

5G Risks Will Bleed Into Industrial Environments
With 2019’s wave of hype surrounding 5G, new vulnerabilities and opportunities for exploit are almost certain in 2020. What makes 5G a greater-than-normal risk is the high business potential for its use and deployments, which will regularly occur in arguably less-secure industrial environments with outdated, legacy devices. Adversaries will begin to target these environments, bringing dire consequences such as unauthorized changes to configurations that make industrial processes do something they are not supposed to do, thereby, resulting in an industrial accident, outage or even environmental excursion.
Jason Haward-Grau, CISO at PAS Global

The Fourth Industrial Revolution Will Arrive – But Companies Won’t be Ready  
With more connectivity, comes more risk. 2020 will signal a giant leap toward the fourth industrial revolution (Industrie 4.0), and organizations won’t be ready from a cybersecurity perspective to meet the mandates of Chief Digital Officers (CDOs). In order to catch up, this means first assessing the unique risks that modernization brings to OT environments and developing an inventory of devices and the risk of potential threats. After all, you can’t protect what you can’t see. Secondly, organizations will need to minimize or offset these threats by blending safety and security to remedy existing vulnerabilities on legacy devices and build security directly into the new and innovative technology being introduced.
Mark Carrigan, COO at PAS Global

IIoT Device Proliferation Will Increase Connectivity and Industrial Cyber Risk 
With the continuing desire from the business to capture operations data for analytics, 2020 will see continued and increasing deployment of Industrial Internet of Things (IIoT) sensors across plants and facilities. With the vast majority of these devices prioritizing connectivity and data gathering over security requirements, their proliferation will significantly increase the attack surface in industrial operations leading to greater cyber risk exposure. With executive mandates for ‘big data’ initiatives at the c-suite and board level, it will be challenging for security and operations teams to address this risk on the timelines these projects are being driven to.
Jason Haward-Grau, CISO at PAS Global 

IT/OT Team and Tools Convergence Will Become Mandatory 
In 2020, worlds will continue to collide with the convergence of IT/OT environments. Recent years have brought multiple, well-publicized cyberattacks on industrial facilities, which are now occurring with greater frequency and sophistication. In order to keep up, organizations entering into the new decade have no choice but to embrace the convergence of environments and teams that previously seemed worlds apart. As we enter into 2020, we must realize that no network is isolated from each other, and in order to thrive—and inherently survive—we must be a part of a larger community, leveraging the expertise that both IT security and OT (operational technology) experts bring to the table. This convergence will present new challenges as control rooms and OT/IT networks become more centralized, e.g. a recent DDoS attack knocked the control room visibility offline at a power generation company.
Jason Haward-Grau, CISO at PAS Global 

A Wake-Up Call: Software Vulnerability Threats on Legacy OT/ICS Devices Will Skyrocket 
As we enter into 2020, we must not press the snooze button when it comes to the importance of OT/ICS (operational technology / industrial control systems) security. Alarmingly, we have seen an uptick in attacks on OT environments in 2019. When OT systems were put in place 20+ years ago, cybersecurity-related threats were not a significant concern like they are today. Because OT is at the core for running utilities, refining, manufacturing, transportation and other industrial automation efforts, organizations will need to increase the prioritization of software vulnerability risks, in particular, to avoid potential life or death consequences in 2020. Going forward, we expect to see a significant increase in malware specifically targeted at exploiting software vulnerabilities in OT networks.
Mark Carrigan, COO at PAS Global

Multi-Vector Industrial Infrastructure Attacks Will Become the New Normal 
Spear-phishing attacks, compromised credentials, malware, ingress via infected contractor devices, and DDoS attacks have been grabbing the headlines of cyber industrial attacks for several years now. In 2020, we will see an increase in the combined, simultaneous use of such attacks as well as attempts to leverage IIoT and 5G hyper-connectivity to gain access to industrial control systems. This will lead to increasing ransomware demands on industrial operations providers as well as increased risk of reliability and safety-impacting incidents. We also expect to start seeing physical, e.g. drone-based, attacks used in combination with digital cyber attack methods.
Jason Haward-Grau, CISO at PAS Global

Increased Adoption of OT Security Frameworks and Standards Will Reduce Risk But Increase Cost & Complexity 
We are seeing an increase in the definition of OT (operational technology) security frameworks and standards, such as ISA/IEC 62443 and the European Cyber Directive as well as frameworks from NIST, NERC, SANS, and the Center for Internet Security. In 2020, increasing adoption of these frameworks and standards will reduce cyber risk, however, they will increase industrial cybersecurity cost and complexity as organizations work to adopt and attest to their use of these frameworks and standards. Given the relative immaturity of adoption, organizations are also likely to evaluate adopting multiple frameworks, thereby, increasing cost and complexity further.
Mark Carrigan, COO at PAS Global

Shortage of OT-knowledgeable Cyber Security Analysts Will Increase Likelihood of Unpatched Vulnerabilities and Unidentified Breaches  
The shortage of IT security analysts is well known, however, the shortage in operational technology (OT) knowledgeable security experts is even greater, posing significant risk to organizations running hazardous industrial processes. With the lack of available experts, many industrial organizations will be exposed to unknown and unpatched vulnerabilities, leading to an increase in unknown breaches. This will increase the likelihood not only for revenue and safety-impacting incidents, but also the risk of industrial cyber ‘sleeper cells’ that are ready to take action based on the needs of nation-state actors at hacking groups at a moment’s notice.
Mark Carrigan, COO at PAS Global 

Download our eBook, How to Approach OT Cybersecurity, to get advice from industry experts for building an effective OT cybersecurity program.

Download ≫


Share this post


Comments

Comments
Blog post currently doesn't have any comments.