Executive Summary
As society deals with the second year of the COVID-19 pandemic, organizations are accelerating digitization to survive and thrive. This places more focus on operational systems, which are at the heart of value and revenue creation.
Adding to these challenges, executives rank cybersecurity as the second highest risk to enterprises [1], and the World Economic Forum rates attacks on critical infrastructure as the fifth highest global risk [2].
To help security teams and operators of OT and IoT environments, this report provides an overview of the most significant threats and vulnerability trends of recent months. It also provides actionable insights and recommendations for securing operational systems.
We encourage organizations to focus on security fundamentals and to assess their security posture against the threats and vulnerabilities described in this report for enhanced operational resilience.
In surveying the threat landscape since we published our report on the first half of 2020, two types of threats stand out: supply chain and persistent ransomware.
Supply Chain Threats and Vulnerabilities
The most notable cyber operation of 2020 was the SolarWinds supply chain attack, which resulted in the infection of thousands of organizations. This attack, together with recent vulnerability trends, means that now is the time for asset owners to reevaluate the attack surfaces of their OT/IoT systems and reassess supply chain risks.
In the SolarWinds attack, an advanced threat actor compromised the build process of a SolarWinds network monitoring product (the Orion platform) that is widely used to manage IT infrastructure. The backdoor was delivered to customers inside a legitimately signed software update, so it passed the integrity checks that normally protect against tampered software.
Victims of the attack include U.S. government agencies as well as critical infrastructure and manufacturing operations. The damage identified so far is sophisticated espionage; the longer-term impact is still unknown.
Although the SolarWinds threat actor carefully selected only a handful of targets to receive the second-stage payload that gave them deeper access within compromised networks, every organization that installed the trojanized update now faces the significant challenge of sanitizing its network.
The SolarWinds attack also reflects the most important recent vulnerability trend: supply chain research and exploitation. It is an example of a threat actor very carefully selecting a widely used service or software product as its supply chain target. The attack highlights the risk to end users, who have limited control over the software running inside their networks and over how that software was built.
Another type of software supply chain threat is embedded component risk, in which a third-party component (such as a network stack) is compiled into many products from many vendors, so that a single flaw propagates to devices whose owners may not even know they contain it. The Ripple20 vulnerabilities are the clearest recent example.
Ripple20 consists of 19 vulnerabilities identified in the TCP/IP stack from Treck.
At the time of disclosure there was high concern about the risks these vulnerabilities posed to IoT devices. Later in the year, however, additional research showed that few deployed devices meet the preconditions a motivated actor would need to exploit them.
Attack surface reduction and network segmentation are two best practices that counter supply chain risk: the fewer services a compromised component can reach, the less an implanted backdoor can do. In addition, OT and IoT network monitoring is a key technology that helps define the actual attack surface (which assets talk to which, over which protocols) and detect anomalous activity indicative of an advanced threat.
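As an added illustration, not taken from the report or from any vendor product, the following Python script shows how a segmentation policy combined with flow monitoring both defines the attack surface and surfaces anomalies. The zone map, the allowed conduits, the addresses and the flow records are all constructed for the example; a real deployment would feed it flow records from a network sensor and a policy written for its own Purdue-style zones.

```python
import ipaddress
from collections import defaultdict

# Constructed zone map for the example (Purdue-style levels; an assumption, not from the report).
ZONES = {
    "control":     ipaddress.ip_network("10.10.0.0/24"),   # PLCs, RTUs
    "supervisory": ipaddress.ip_network("10.20.0.0/24"),   # HMIs, historian, OT monitoring
    "enterprise":  ipaddress.ip_network("10.30.0.0/24"),   # IT network
}

# Allowed conduits: (initiator zone, responder zone, destination port). Hypothetical policy.
ALLOWED = {
    ("supervisory", "control", 502),     # Modbus/TCP from HMI to PLC
    ("supervisory", "control", 44818),   # EtherNet/IP from HMI to PLC
    ("enterprise", "supervisory", 443),  # IT reading the historian over HTTPS
}

# Constructed flow records: (initiator, responder, destination port).
FLOWS = [
    ("10.20.0.5", "10.10.0.7", 502),
    ("10.20.0.5", "10.10.0.8", 44818),
    ("10.30.0.12", "10.20.0.9", 443),
    ("10.30.0.12", "10.10.0.7", 502),    # IT host talking straight to a PLC
    ("10.20.0.9", "203.0.113.50", 443),  # OT host reaching an external address
    ("10.10.0.7", "10.20.0.5", 44818),   # PLC initiating a session toward the HMI
]


def zone_of(ip):
    """Return the zone name for an address, or 'external' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def audit(flows):
    """Classify each flow as 'allowed', 'cross-zone-violation' or 'external-egress'.

    Intra-zone traffic is treated as allowed (an assumption of this example);
    any flow whose responder lies outside every zone is flagged as egress,
    since an OT or management host starting to talk to an unfamiliar external
    address is exactly the kind of anomaly a supply chain implant produces.
    """
    findings = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if dz == "external":
            verdict = "external-egress"
        elif sz == dz or (sz, dz, dport) in ALLOWED:
            verdict = "allowed"
        else:
            verdict = "cross-zone-violation"
        findings.append((verdict, src, dst, dport))
    return findings


def attack_surface(flows):
    """Map each zone to the (responder, port) services actually reached in it.

    This is the observed attack surface: services that are really being used,
    which is the list to compare against what the architecture says should exist.
    """
    surface = defaultdict(set)
    for _, dst, dport in flows:
        surface[zone_of(dst)].add((dst, dport))
    return dict(surface)


if __name__ == "__main__":
    for verdict, src, dst, dport in audit(FLOWS):
        print(f"{verdict:22} {src} -> {dst}:{dport}")
    for zone, services in attack_surface(FLOWS).items():
        print(zone, sorted(services))
```

Two of the constructed flows violate the conduit policy (an IT host reaching a PLC directly, and a PLC initiating toward the HMI), and one is outbound to an address outside every zone. The observed-surface map is what lets an operator shrink the attack surface on evidence rather than on the network diagram.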