Cyber Risk Quantification for OT Systems: Ensuring Resilience in Critical Infrastructures
Operational Technology (OT) systems, integral to industrial operations, are increasingly becoming targets of sophisticated cyber-attacks. Recent incidents such as the 2015 cyber-attack on Ukraine’s power grid and the 2021 Colonial Pipeline ransomware attack highlight the vulnerabilities in OT systems. These attacks disrupted critical services, causing widespread impact on the economy and public safety, and underscoring the importance of robust cyber risk quantification (CRQ) for OT environments.
OT systems also play a special role in the smooth running of global events such as the Olympic Games. How does OT cybersecurity work? Can the cyber risk borne by such a system be quantified? We provide the answer in this article.
The Growing Cyber Risk in OT Systems
OT systems comprise physical hardware and software that monitor and control industrial processes. These systems are vital for ensuring the safe and efficient operation of critical infrastructure such as power plants, water treatment facilities, and manufacturing lines. Unlike IT systems, which primarily focus on data confidentiality, OT systems prioritize availability, operational security, and integrity of physical processes.
The convergence of IT and OT environments has introduced significant challenges. While this integration facilitates better operational efficiency and decision-making, it also expands the attack surface, making OT systems more vulnerable to cyber threats. The distinct characteristics of OT systems, including their long lifecycle, the use of proprietary protocols, and the critical nature of their functions, require a specialized approach to cybersecurity.
Understanding OT Cybersecurity
OT Security Principles
Despite its technical nature, OT system security can be summed up in four points:
- Anomaly Detection: Monitoring for and controlling any anomalies or incidents within critical processes, devices, or machines.
- Physical and Logical Isolation: Ensuring physical and logical separation of industrial networks to prevent propagation of threats and minimize damage.
- Vulnerability Management: Managing vulnerabilities is complex due to the difficulty in patching and the need for continuous operation.
- Risk Appetite: Generally very low for OT systems, given their critical nature and the potential for severe consequences.
Key Components of OT Systems:
OT systems are made up of several components, each with its own role to play.
- PLCs (Programmable Logic Controllers): Handle process automation.
- SCADA (Supervisory Control and Data Acquisition): Centralized control systems that supervise and collect data from industrial equipment.
- Sensors: Measure physical process variables and supply them to the control system as process inputs.
- Databases and Servers: Store critical operational data.
- Communication Networks: Enable data flow between different components.
Cyber Risk Quantification for OT: A Detailed Process
OT systems are not exempt from cyber risks. The process of quantifying cyber risks in OT involves several steps, tailored to address the unique challenges of these systems:
- Context Identification: Defining the specific industrial environment, including sites and business links.
- Asset Identification: Mapping out all critical components, control systems, and identifying connection points between IT and OT.
- Maturity Assessment: Conducting self-assessments based on relevant security frameworks like IEC 62443, and performing physical inspections if necessary.
- Risk Cartography: Creating risk scenarios based on the industrial threat landscape and organizational context.
- Risk Evaluation: Using templates and specific methods such as HAZOP (Hazard and Operability Study) and FMEA (Failure Modes and Effects Analysis) to assess risks.
- Mitigation and Roadmap: Developing strategies focusing on operational continuity, employee safety, and return on investment.
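The evaluation and mitigation steps above can be made concrete with a small worked model. The following Python script is an added illustration, not Citalid's method or platform: it scores each risk scenario from the cartography step with an FMEA-style Risk Priority Number (severity x occurrence x detection), computes an expected annual loss (annual rate x cost of one occurrence), flags scenarios outside a stated risk appetite, and then models one mitigation and its return on security investment. The RPN threshold of 150, the ROSI formula, and every asset, score, rate and cost are constructed assumptions for a hypothetical water treatment site.

```python
"""Toy cyber risk quantification for one OT site.

Added illustration, not Citalid's method: FMEA-style Risk Priority Number
plus expected annual loss per scenario, compared against a risk appetite.
All assets, scores, rates and costs below are constructed sample data.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    """One risk scenario produced by the risk cartography step."""
    name: str
    asset: str
    severity: int          # FMEA severity, 1 (negligible) .. 10 (catastrophic / safety)
    occurrence: int        # FMEA occurrence, 1 (remote) .. 10 (near certain)
    detection: int         # FMEA detection, 1 (certain to detect) .. 10 (undetectable)
    annual_rate: float     # expected occurrences per year (ARO)
    downtime_hours: float  # production outage per occurrence
    cost_per_hour: float   # loss per hour of outage, EUR (constructed)

    def rpn(self) -> int:
        """FMEA Risk Priority Number = severity x occurrence x detection."""
        return self.severity * self.occurrence * self.detection

    def single_loss(self) -> float:
        """Single loss expectancy (SLE): cost of one occurrence."""
        return self.downtime_hours * self.cost_per_hour

    def annual_loss(self) -> float:
        """Annualised loss expectancy (ALE) = ARO x SLE."""
        return self.annual_rate * self.single_loss()


def evaluate(scenarios, appetite_eur_per_year, rpn_threshold=150):
    """Rank scenarios by expected annual loss; flag any outside appetite.

    A scenario is outside appetite if its ALE exceeds the tolerated loss
    or its RPN exceeds the (assumed) FMEA threshold, so a low-frequency
    but safety-relevant scenario is still surfaced.
    """
    rows = []
    for s in scenarios:
        rows.append({
            "scenario": s.name,
            "asset": s.asset,
            "rpn": s.rpn(),
            "ale": s.annual_loss(),
            "exceeds_appetite": (s.annual_loss() > appetite_eur_per_year
                                 or s.rpn() > rpn_threshold),
        })
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


def apply_control(scenario, *, new_occurrence=None, new_detection=None, rate_factor=1.0):
    """Model a mitigation (e.g. IT/OT segmentation) as revised FMEA scores and a scaled ARO."""
    return replace(
        scenario,
        occurrence=scenario.occurrence if new_occurrence is None else new_occurrence,
        detection=scenario.detection if new_detection is None else new_detection,
        annual_rate=scenario.annual_rate * rate_factor,
    )


def return_on_security_investment(before, after, annual_control_cost):
    """ROSI = (ALE reduction - annual control cost) / annual control cost."""
    reduction = before.annual_loss() - after.annual_loss()
    return (reduction - annual_control_cost) / annual_control_cost


# Constructed scenarios for a hypothetical water treatment site.
SCENARIOS = [
    Scenario("Ransomware reaches SCADA through the IT/OT link", "SCADA server", 8, 5, 4, 0.20, 48, 5000),
    Scenario("Unauthorised logic change on a pump PLC", "PLC", 9, 3, 7, 0.05, 72, 5000),
    Scenario("Spoofed level sensor reading", "Level sensor", 6, 2, 8, 0.02, 8, 5000),
]
RISK_APPETITE_EUR = 20_000  # constructed: tolerated expected loss per scenario per year

if __name__ == "__main__":
    for row in evaluate(SCENARIOS, RISK_APPETITE_EUR):
        flag = "OUTSIDE APPETITE" if row["exceeds_appetite"] else "within appetite"
        print(f"{row['scenario'][:45]:45} RPN={row['rpn']:4d} ALE={row['ale']:9.0f} EUR  {flag}")
    # Segmentation between IT and OT: occurrence 5 -> 2, ARO cut by 75%, 15 kEUR/year.
    before = SCENARIOS[0]
    after = apply_control(before, new_occurrence=2, rate_factor=0.25)
    print(f"ROSI of segmentation: {return_on_security_investment(before, after, 15_000):.2f}")
```

Run as-is, the ransomware scenario ranks first (RPN 160, expected loss 48,000 EUR per year, outside appetite), the PLC scenario is flagged on its RPN alone despite an expected loss under appetite, and the segmentation control returns a ROSI of 1.4 on the assumed figures. The point of the model is the comparison, not the numbers: operators would replace the constructed scores and costs with their own site data and appetite.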
OT systems at risk: industrial sectors under attack
Cyberattacks on industrial systems, particularly Operational Technology (OT) control systems, are critical because they can disrupt essential infrastructures such as power plants, water networks, and wastewater management systems. These attacks can cause interruptions to vital services, resulting in significant societal and economic impacts. For instance, an attack on a hydroelectric plant can disrupt electricity production and have environmental consequences.
Recent examples illustrate this trend:
- In March 2024, the intrusion set calling itself CyberArmyofRussia_Reborn claimed responsibility for an attack on the Courlon-sur-Yonne hydroelectric plant in France. It was later revealed that the group had in fact compromised a small hydroelectric plant in Courlandon, causing a limited 20-centimeter drop in water level without significant consequences. Even so, the compromise of a water management system a few months before the “Jeux Olympiques de Paris 2024”, whose opening ceremony was planned on the Seine, raised growing concern about the risk of sabotage.
- In November 2023, the intrusion set “CyberAv3ngers”, suspected of being a proxy of the Islamic Revolutionary Guard Corps (IRGC), was responsible (according to CISA) for the compromise of UNITRONICS systems, leading to a 2-day outage of water distribution.
- In January 2024, Volt Typhoon, a group linked to the People’s Republic of China, was partially dismantled by the American DOJ. The intrusion set was notably involved in pre-positioning attacks against critical American infrastructure, including water management systems.
Cyber Risk in OT for Major Events: The Case of the Olympics
Now that the Olympics are behind us, it’s evident that while the event managed to navigate cyber threats effectively, there were still some underlying anxieties. The Games presented a unique challenge for operational technology (OT) cybersecurity due to the complexity and scale of the supporting infrastructure—encompassing stadiums, transportation systems, communication networks, and power supplies. This required thorough cyber risk management.
The experience of the 2018 Winter Olympics in PyeongChang, where the “Olympic Destroyer” attack disrupted IT systems, highlighted the potential risks. The close integration of OT and IT systems means that an attack on one can impact the other, posing risks to public safety and the event’s success. That IT/OT convergence remains a significant point of exposure for attackers to exploit. Consequently, evaluating and managing cyber risks in OT systems was crucial to ensuring the smooth and secure operation of this summer’s Olympics.
The Benefits of Citalid’s Cyber Risk Quantification Solution
Citalid provides a comprehensive platform designed to meet the distinct needs of OT systems in industrial environments. Leveraging extensive experience with large industrial organizations, Citalid’s CRQ solution offers several advantages:
- Tailored Risk Analysis: Citalid adapts its core services to deliver high-value OT risk analysis. The platform integrates with industrial environments, providing customized dashboards that reflect the specific threat landscape and organizational context.
- Enhanced Threat Contextualization: Utilizing dedicated CTI (Cyber Threat Intelligence) datasets, Citalid contextualizes threats for OT systems. This approach improves the accuracy and relevance of risk assessments.
- Expert Support and Customized Dashboards: Citalid’s expert and customer success teams assist clients in performing detailed risk analyses. Customized dashboards offer clear visibility into potential impacts, such as site downtime, reputational damage, and machinery losses, facilitating informed decision-making and strategic planning.
- Peer Benchmarking and Risk Appetite Visualization: The platform provides benchmarks against peers and visualizes risk appetite, helping organizations understand their relative position and refine their risk management strategies.
- Compliance and Maturity Assessments: Citalid ensures compliance with industrial standards and conducts thorough maturity assessments, enhancing the overall cybersecurity posture of OT systems.
- Strategic Roadmap Development: Citalid aids in developing risk reduction strategies that prioritize operations continuity and safety, aligning with the unique requirements of industrial systems.
The increasing integration of IT and OT environments demands a specialized approach to cybersecurity. Citalid’s cyber risk quantification platform offers an advanced solution, addressing the unique challenges of OT systems and ensuring resilience against sophisticated cyber threats. As cyber risks continue to evolve, leveraging such tailored solutions will be crucial for safeguarding critical infrastructures and maintaining operational integrity.
Want to try Citalid? Sign up for the next Live Demo here.