
What Does a Risk Assessment in the OT Network Include?

The OT networks of many factories in the industrial sector - chemical plants, power generation plants, etc. - are not well protected.

In 2015, the Ukrainian power grid was attacked with malware called BlackEnergy. It is considered the first cyberattack against an electrical grid that resulted in a blackout. BlackEnergy was deployed on the electrical grid with the aim of attacking the network's ICS (industrial control system). It shut down the control software and prevented its restart. The blackout affected about 200,000 users for several hours.

Today, industrial plants around the world control their OT networks in an automated way. At the same time, they try to have greater visibility within the plant’s operations, better coordination and interoperability, and more automation. But the reality is that the OT networks of many of these factories – chemical plants, power generation plants, etc. – are no better protected than the Ukrainian power grid was in 2015.

The problem starts with the difference in criteria between the designers and operators of the OT network and their IT network counterparts. In the beginning, the OT network was designed to optimize efficiency and productivity while maintaining the safety of workers. Data security was not taken into account. It made perfect sense, since most of these OT networks were isolated from the rest of the plant’s networks: there was no incentive to design them with a security criterion.

The convergence between OT and IT has increased attackers' ability to infiltrate. There are now new ways to access a company's systems and stop entire plants. This damages not only operations but also the reputation of these companies.

 

OT Risk Assessment: the Key to your OT Network Security

Today, many companies are realizing that they have a security problem in their OT network. A good first step to identify the scope of the problem is to perform a cybersecurity risk assessment on your OT network. In this way, the vulnerabilities of the OT network come to light and an action plan with corrective measures can be determined.

This assessment should consist of at least:

  1. Identification of OT assets. All hardware, software and devices connected to the network are identified and characterized, along with any interconnections or points of integration between the OT and IT networks.
  2. Vulnerability assessment. All assets are analyzed to identify their security vulnerabilities. The analysis covers: operating system, applications, communication protocols, hardware interfaces, etc.
  3. Threat pattern. The vulnerabilities detected are compared with known threats and malware. This yields an assessment of possible cyberattack scenarios.
  4. General risk assessment. The vulnerabilities and the threat assessment provide the general risk assessment, which emphasizes where the greatest risks lie. Thus, it allows the creation of an action plan with defined priorities.
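
The four steps above, worked through on a small constructed inventory. This is an added example, not code from Logitek or from the CIARA platform; the asset names, the likelihood-times-criticality score, the IT-connection bump and the priority thresholds are all assumptions made for illustration and are not taken from ISA/IEC 62443.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:                      # step 1: one identified OT asset
    name: str
    criticality: int              # 1 (minor) .. 5 (plant stops or safety impact)
    it_connected: bool            # sits on an OT/IT integration point
    vulns: list = field(default_factory=list)  # step 2: (category, severity 1..5)

# Constructed sample inventory; all names and scores are invented.
INVENTORY = [
    Asset("hmi-01", 4, True, [("operating system", 4), ("applications", 3)]),
    Asset("plc-boiler", 5, False, [("communication protocols", 3)]),
    Asset("historian", 3, True, [("applications", 3), ("operating system", 2)]),
    Asset("rtu-pump-7", 2, False, [("hardware interfaces", 2)]),
]

# Step 3: categories for which a known threat or malware exists (constructed).
KNOWN_THREATS = {"operating system", "applications", "communication protocols"}

def asset_risk(asset, known_threats=KNOWN_THREATS):
    """Assumed scoring: likelihood (1..5) x criticality (1..5), 0 if no threat matches."""
    matched = [sev for cat, sev in asset.vulns if cat in known_threats]
    if not matched:
        return 0                  # vulnerable, but no known threat exploits it
    # An IT-reachable asset is easier to attack: raise likelihood by one, cap at 5.
    likelihood = min(5, max(matched) + (1 if asset.it_connected else 0))
    return likelihood * asset.criticality

def action_plan(inventory):
    """Step 4: rank assets by risk and attach a priority band (assumed thresholds)."""
    rows = []
    for a in inventory:
        risk = asset_risk(a)
        band = "high" if risk >= 15 else "medium" if risk >= 8 else "low"
        rows.append((a.name, risk, band))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for name, risk, band in action_plan(INVENTORY):
        print(f"{name:12} risk={risk:2} priority={band}")
```

The IT-connected HMI outranks the more critical but isolated PLC, which shows why step 1 records the OT/IT integration points and not only the devices themselves.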

When talking about a risk assessment in OT networks, there is no one-size-fits-all solution: each industry (electric power, process manufacturing, renewable energy, drinking water, etc.) has different characteristics and, therefore, the risk assessment is carried out according to the specific installation.

 


 

OT Network Risk Management Plan

The result of the security assessment should be an action plan, prioritized according to risk, that the company must carry out to protect itself. Even so, these actions should not be limited exclusively to mitigating immediate vulnerabilities. Security in the OT network is a continuous process that includes:

  • ICS asset management. An asset management system tracks the ICS, its components, and its security level, and identifies new components on the network. In this way, supervisors have immediate access to security information about their OT network.
  • OT network monitoring. In the same way as in the IT network, OT network monitoring systems protect the operations environment by identifying possible attacks and alerting supervisory personnel.

 

Professional Advice for OT Security Assessment

A risk assessment in OT is not a project that can be undertaken internally. In most cases, the OT network belongs to operations personnel, who also perform its maintenance. Staff in this role lack the knowledge needed to carry out the assessment.

Logitek has an automated industrial risk assessment platform (CIARA) precisely with this objective: to help personnel in charge of the security and stability of the OT network to carry out these assessments. As the first risk assessment platform based on the ISA/IEC 62443 standard, CIARA is a fully automated tool for asset information collection, analysis and risk calculation including a benchmark score based on geographic areas and industrial sectors.

At Logitek, we believe that in order to secure your operations, the most important step is taken before a threat has been identified. You cannot protect the OT network if you do not see what is happening in it and you cannot manage its security if you do not know its real state.

Logitek has a team of cybersecurity experts who can help you understand your cybersecurity risk level and advise you on the most appropriate solutions to protect your operations.