Addressing the Security Risks of Digital Transformation on Smart Infrastructure With Deception
Published: 30 Nov 2020 at 17:57
Bernd Koenig, Senior Cybersecurity Strategist, Fortinet
The current universal status for networks is "connected." Beyond traditional computing models, connectivity is the default status for mobile devices and a full range of Smart-X solutions for smart business, smart working and smart logistics, including cars and transportation systems, appliances, buildings, manufacturing floors, cities, and critical infrastructures. In fact, many individuals live their lives surrounded by IP-based sensors that keep us – and an astounding array of devices – connected and communicating.
Of course, sensors and devices were already used to manage infrastructures 10-15 years ago, when IP networks were a fundamental part of the internet-connected universe. Today, however, this has all changed. Those basic sensors have become "smart sensors," providing a much wider variety of capabilities. IoT devices – or Industrial IoT (IIoT) in some environments – have also become more sophisticated. And at the same time, to generate more efficiencies and to ensure an agile response to new market demands, IT and OT networks and devices have begun to converge. All of this has made the OT attack surface more complicated to protect.
Understanding the Threat Landscape – IoT/OT Security Threats
Here are some of the primary security threats targeting IoT and OT systems and solutions:
- IoT/OT sensors are increasingly being connected to IP networks that allow remote access, which means they can also be attacked over the internet from any point on the globe.
- IoT and OT sensors either run a legacy operating system (on average, 10-15 years old) deployed in a delicate environment that cannot be taken down for updates or patches, or a proprietary OS that does not allow the installation of security software. This makes it very difficult to establish the traditional security controls used for a regular IT asset.
- Newer IoT and OT sensors include a much more extensive range of capabilities, making them more attractive to threat actors. In addition, a new breed of attacker has emerged over the last decade. Hacktivists and cyberterrorists are willing to cause a breach with high-profile impact and no financial gain – such as inflicting economic damage on a business or infrastructural damage to a country or region – to support a political agenda.
- Many IoT devices are headless, which means there is no "Patch Wednesday" for them since they cannot be updated. Instead, organisations need to rely on proximity controls and zero-trust network access to provide protection.
Ever since the Stuxnet attack of 2010, OT networks have increasingly been under attack. We all remember the Mirai botnet, designed to compromise millions of IoT and OT devices worldwide to run a successful DDoS attack against the US internet infrastructure. OT-based cyber-attacks have targeted national electrical grids, darkening the homes of hundreds of thousands of individuals. And targeted attacks by a nation-state actor against IoT/OT devices installed in the water pump stations of a middle-eastern country were an attempt to poison the water supply by increasing chlorine levels in water flowing to residential areas.
Using Deception to Protect Your OT Infrastructure
You are probably asking: if this is the new reality we live in, how can I protect my network from IoT- and OT-based threats? Disconnect them? Update the firmware? Apply network access control? Apply network segmentation? The answer may be YES to any or all of those, depending on your circumstances. But there is another strategy that allows your organisation to be much more proactive, and that is integrating deception technology into your current security stack. A proactive security approach such as deception technology does not attack the attacker. Instead, it turns the attackers' own techniques and tactics against them. The idea is straightforward. Deception technology allows the IT team to "deploy" virtual fake assets across the infrastructure, which generate false data across your endpoints and servers. This fabricated network deceives threat actors, luring them away from your critical assets and preventing them from doing actual harm to your network. More importantly, because all of your legitimate devices and workflows know that these assets are fake, only unauthorised users, devices, and applications will trigger them.
This strategy is especially effective in mature network environments. Adding deception strategies to SOC solutions, for example, enables IT teams to use deception as a "high fidelity alert source." Because deception technology alerts are only tripped by unauthorised users, devices, and applications, organisations can more effectively use them to establish automation around threat hunting capabilities and incident response.
Even better, the best deception technologies not only protect against known threats, but they are also able to detect, analyse, and defend against zero-day and other advanced attacks, often in real-time. Deception technology enables a more proactive security posture by deceiving the attackers, detecting them, and then defeating them, allowing the enterprise to return to normal operations.
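The property the preceding paragraphs rely on is that nothing legitimate is ever configured to talk to a decoy, so any connection to it is an alert by construction. The following is an added example, not Fortinet's product or code from the original article: a minimal TCP decoy posing as a PLC on loopback, which records who connected and what they sent, together with the logic that turns each touch into a high-severity SOC alert. The asset name "fake-plc-01", the alert schema, and the constructed probe payload are this example's own assumptions.

```python
"""Added example: a minimal TCP decoy ("fake PLC") and the alert logic around it.

The decoy listens on a port no legitimate device is configured to use, so each
accepted connection is a high-fidelity alert. Names, ports and the alert
fields are assumptions made for this example, not any product's API.
"""
import socket
import threading
import time
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List


@dataclass
class DecoyEvent:
    decoy: str          # friendly name of the fake asset
    decoy_port: int     # TCP port the decoy was listening on
    src_ip: str         # address that touched the decoy
    src_port: int
    first_bytes: str    # hex of the first bytes sent, kept for triage
    seen_at: str        # UTC timestamp of the connection


class DecoyListener:
    """Accepts connections, records who connected and what they sent, and never
    serves anything real. Legitimate workflows never use it, so every recorded
    event deserves an analyst's attention."""

    def __init__(self, name: str, host: str = "127.0.0.1", port: int = 0):
        self.name = name
        self.events: List[DecoyEvent] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))   # port 0 lets the OS pick one for the demo
        self._sock.listen(5)
        self._sock.settimeout(0.2)      # lets the accept loop notice stop()
        self.host, self.port = self._sock.getsockname()[:2]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, (ip, port) = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(0.5)
                try:
                    data = conn.recv(64)   # capture a little of the probe, then drop it
                except (socket.timeout, OSError):
                    data = b""
            event = DecoyEvent(self.name, self.port, ip, port, data.hex(),
                               datetime.now(timezone.utc).isoformat())
            with self._lock:
                self.events.append(event)

    def snapshot(self) -> List[DecoyEvent]:
        with self._lock:
            return list(self.events)

    def stop(self) -> None:
        self._stop.set()
        self._thread.join(timeout=2)
        self._sock.close()


def to_alert(event: DecoyEvent) -> Dict:
    """Turn a decoy touch into a SIEM-style alert. Severity is always 'high'
    because there is no benign reason for anything to reach a decoy."""
    alert = asdict(event)
    alert.update(source="deception", severity="high",
                 action="isolate_and_investigate_source")
    return alert


def probe(host: str, port: int, payload: bytes) -> None:
    """Stand-in for an unauthorised client touching the decoy (demo only)."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)


def run_demo() -> List[Dict]:
    """Start a decoy, hit it once with a constructed probe, return the alerts."""
    decoy = DecoyListener("fake-plc-01")
    try:
        # constructed 12-byte payload shaped like a Modbus/TCP read request
        probe(decoy.host, decoy.port,
              b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x01")
        for _ in range(50):            # give the accept loop a moment to record it
            if decoy.snapshot():
                break
            time.sleep(0.05)
        return [to_alert(e) for e in decoy.snapshot()]
    finally:
        decoy.stop()


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

In a real deployment the decoy would bind to an address in the OT segment with a fixed, plausible port, and `to_alert` would hand its output to the SIEM or SOAR playbook; the point of the example is that no allow-listing or baselining step is needed, because the listener's only traffic is, by definition, unauthorised.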
Make Deception Technology Part of Your OT Security Strategy
Here are some key reasons why deception technology should be included in any security stack:
- It provides early post-breach detection, often before any severe damage can be done by downloaded malware.
- It reduces the dwell time of a network breach – now more than six months – by detecting malware designed to quietly probe the network for vulnerabilities while evading detection.
- Because it is a failsafe system, meaning it only fires when something misbehaves, it effectively reduces false positives.
- It can be deployed in most OT environments to gain visibility and control over IoT and other OT devices that cannot be protected using more traditional solutions.
- Good deception technology is highly scalable and has little-to-no impact on normal network performance.
- Setting up and managing a deception solution is simple, and the detection of threats is fully automated.
By deploying deception technology as part of the security stack, it can act as a "high fidelity alerting source" to automate threat detection, response, and remediation.
Learn how Fortinet can help you extend security and maintain compliance in any ICS/SCADA-connected environment at www.fortinet.com