
These 7 common mistakes make OT environments vulnerable

Jeroen Wijnands
OT Security Lead

According to research by Orange Cyberdefense, the manufacturing industry was the primary target of cyberattacks last year: nearly 33 percent affected this sector. For years, this industry has been the most frequently targeted. Jeroen Wijnands, Head of OT Security at Orange Cyberdefense, observes the same missteps in the majority of these companies. According to him, these are the most commonly encountered errors along with their corresponding solutions.

1. Incorrect configuration of antivirus software

Antivirus software is crucial for protecting workstations against malware. However, Wijnands often observes that industrial organizations configure it incorrectly. This often leads to false positives: the software incorrectly identifies essential production files as dangerous and quarantines them. This can cause serious disruptions in production processes.

Precisely configuring a so-called 'whitelist' prevents this. "You put reliable files and applications on there," explains Wijnands. "This way, you tell the software that these files are trustworthy, preventing them from being mistakenly quarantined. In addition, by regularly updating and maintaining the antivirus software, you maintain the protection level. This increases the likelihood that the software will also recognize new threats."

2. Inadequate network segmentation

Wijnands notices that in many organizations, access to a single PC is sufficient for access to virtually all other systems, both within the IT and OT environments. This poses security risks: a breach on a single system can expose the entire organization to threats. "In the worst case scenario, a hacker can gain access to all of a company's applications and data through a single compromised PC," he explains. "Additionally, it is not desirable for sensitive information to be accessible to everyone within the company."

An effective solution for this is network segmentation. "This involves dividing the network into multiple logical segments. Within these groups, you place systems, data, and applications that need each other to function properly. The idea is that these individual groups cannot communicate with each other without special security measures such as a firewall. This significantly reduces an attacker's 'playing field': once inside a system, a hacker does not automatically have access to other network groups."

Secure communication between the different segments requires a firewall. "The amount of communication between network segments is usually limited. Therefore, a relatively small and affordable firewall is often sufficient."

Network segmentation has another important advantage, according to Wijnands. "This also prevents a regular user from having access to all applications and data in a network from a single system. This is often unnecessary and only increases the risk of, for example, a data breach."
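To make the segmentation rule concrete, the following added example (not code from the article or from Orange Cyberdefense) evaluates a default-deny policy between an office IT segment, an OT DMZ and a production cell, and audits constructed flow records for cross-segment traffic that no firewall rule permits. The address ranges, the allowed flows and the log format are all assumptions made up for the example.

```python
import ipaddress

# Constructed segments for a small plant (addresses are assumptions, not from the article).
SEGMENTS = {
    "office-it": ipaddress.ip_network("10.10.0.0/16"),
    "ot-dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot-cell-1": ipaddress.ip_network("10.30.1.0/24"),
}

# Explicit cross-segment allow rules as (src_segment, dst_segment, dst_port).
# Anything between segments that is not listed here is denied by the firewall.
ALLOWED_FLOWS = {
    ("ot-cell-1", "ot-dmz", 443),  # cell historian pushes data to the DMZ collector
    ("office-it", "ot-dmz", 443),  # office users read historian data via the DMZ
}


def segment_of(ip: str):
    """Return the segment name an address belongs to, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def flow_verdict(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Decide whether the segment firewall would pass this flow."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny"  # unknown address: treat as untrusted
    if src == dst:
        return "allow"  # traffic inside one segment never crosses the firewall
    return "allow" if (src, dst, dst_port) in ALLOWED_FLOWS else "deny"


def audit_flow_log(lines):
    """Return (src, dst, port) for every flow that crossed a segment boundary without an allow rule."""
    violations = []
    for line in lines:
        src, dst, port = line.split()  # constructed format: "src_ip dst_ip dst_port"
        if segment_of(src) != segment_of(dst) and flow_verdict(src, dst, int(port)) == "deny":
            violations.append((src, dst, int(port)))
    return violations


# Constructed flow records: the last two show an office PC reaching directly into the cell.
SAMPLE_FLOWS = [
    "10.30.1.15 10.20.0.5 443",
    "10.10.4.22 10.20.0.5 443",
    "10.10.4.22 10.30.1.15 445",
    "10.10.4.22 10.30.1.10 502",
]
```

Running `audit_flow_log(SAMPLE_FLOWS)` on a flat network's flow export is a quick way to see which connections a segmentation project would have to either whitelist explicitly or cut off.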

3. Careless use of USB sticks

It may seem obvious, but the use of USB sticks in the industrial sector is still widespread. Employees often reach for a USB stick for the convenience of quickly sharing or transferring data to colleagues or external parties such as service technicians. "Often, it's unclear where a USB stick comes from or which other systems it has been in."

Wijnands advises strict rules for the use of USB sticks. This policy should enforce strong encryption, password protection, and regular malware scans. "Limit the use of USB sticks to necessary situations and establish clear guidelines for their use. Additionally, regularly scan all sticks for malware and viruses. Furthermore, it's wise to have a policy for managing data on portable storage media. This includes procedures for regularly wiping data and verifying content before employees share it with external parties."

4. Ignoring machine software maintenance

Manufacturers typically advise proper maintenance of their machines, such as replacing oil filters or lubricating bearings. The computer systems built into these machines need the same care. In practice, according to Wijnands, this is still too often overlooked, usually out of fear of disrupting the production process, and the result is unpatched vulnerabilities in those systems.

Wijnands emphasizes the importance of regular maintenance of OT systems. "For example, through software updates and installing patches. This is just as important as physical maintenance to maintain the safety and performance of the installations." According to him, organizations should also consider fast recovery options if patching or updating unexpectedly fails.

Organizations are still too hesitant to patch for this reason. According to him, this 'patch fear' is unfounded, as long as you use good solutions that minimize the chances of disruptions after a failed patch or update. Wijnands cites the Cyber Recovery Unit from Salvador as an example. "This solution is linked to a system and continuously backs up data. If something goes wrong during patching, this solution ensures that the system is operational again within 30 seconds."

5. Insecure laptops of service technicians

When a machine requires technical maintenance, a service technician often uses a laptop to diagnose it. That laptop may carry malicious software, and not necessarily through any deliberate action: it may have been infected at another customer's site or through personal use at home.

Therefore, it is important to thoroughly scan these devices for malware before they connect to the machines. Wijnands compares this to safety checks on electrical tools. "These tools must be inspected in many workplaces before employees can use them. Sometimes, you even have to show inspection stickers. The same principles should apply to the laptops of service technicians."

6. Insufficient attention to IT tasks in industrial environments

Many industrial organizations consider typical IT tasks such as software upgrades as time-consuming side tasks that detract from the main goal: maximizing availability and achieving production objectives. This is incorrect: these IT tasks are equally important. With the right approach, they don't have to hinder production objectives and availability.

Smart planning of IT maintenance prevents unnecessary time wastage. "If a machine is already offline for physical maintenance, this moment can also be used to perform software updates or apply security patches."

7. Improper management of workstations

Sometimes, security measures that are common in IT environments can go too far for OT environments. Wijnands gives the example of how many workstations in OT environments are configured. "In many production environments, workstations are managed as if they were regular office PCs. This can be inefficient. A typical example is the automatic logout feature: the PC locks itself after a few minutes of inactivity," Wijnands explains. "Users need to log in again to use the workstation. This can cause significant inconvenience for operators in a production environment."

Wijnands suggests implementing specific policies and procedures tailored to the unique requirements of production environments. According to him, it is wise to align workstation procedures closely with the needs and demands of the production environment. "For critical workstations, for example, that logout function should be delayed or completely disabled. Attention to security also means finding a balance between safety and efficiency."

About the author

Jeroen Wijnands, OT Security Lead (CISSP, GISP)

Jeroen has over 20 years of experience in securing Operational Technology and critical infrastructures. With his technical expertise and profound understanding of the manufacturing industry and smart industries, he is capable of securing technically intricate environments.
