How a converged IT/OT SOC can protect critical infrastructure    

Everyone depends on critical infrastructure to serve as the backbone of modern society, delivering essential services such as electricity, water, transportation, and healthcare. As critical infrastructure systems become more connected and complex, they also become more vulnerable to cyberattacks that can disrupt operations, compromise safety, and cause economic losses.

The convergence of information technology (IT), operational technology (OT), and Internet of Things (IoT) systems has generated a rise in cyberthreats, which requires organizations to develop a clearer understanding of how OT (a combination of hardware and software), IT, and IoT devices interact. Cybercriminals are exploiting the gaps and vulnerabilities in these converging systems to launch sophisticated attacks that can cause physical damage, data theft, ransom demands, or industrial espionage.

While most organizations understand the importance of cybersecurity for OT, some believe implementation will cost too much and be too complex. While government, Microsoft, and the broader tech industry have begun offering new cybersecurity tools, affected organizations are often slow to adopt them.

Many organizations lack visibility and control over their OT and IoT assets, making it harder to detect and respond to threats. Microsoft has identified device vulnerabilities in 78% of industrial control networks. Additionally, many OT devices use proprietary protocols and standards that may not have cybersecurity best practices built in. Other factors such as downtime sensitivity, legacy systems, and resource constraints also affect the security posture of these systems. Of the 78% of devices that are vulnerable, 46% have CVEs that teams cannot patch, and 32% have CVEs that could be patched. Of the 22% that are not vulnerable, 15% are devices with no CVEs, and 7% are devices that have been patched by customers.

Cybersecurity was always a technical issue, but today it has become a strategic one that requires collaboration and coordination across different stakeholders. As critical infrastructure becomes more interconnected and interdependent, organizations need to rethink the impact and consequences of their cyber risk. Adopting OT cybersecurity products has become easier because of advancements in technology.

We’ve found that zero-trust and device visibility have emerged as the best approaches to combat attackers. Asking the following questions helps identify where attackers could reach IT and OT environments:

  • Is the system exposed to the internet?
  • Does it depend on external systems to function, and could someone gain access from outside? If so, does the team have the means to spot an attacker’s access?
  • How does the team manage employee or contractor access to spot anomalies?
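As an added example (not from the article or from Microsoft), the following Python sketches how a converged SOC might turn the vulnerability breakdown above and these three questions into a triage order over an asset inventory; the asset fields, scoring weights, CVE placeholders and inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass
class OTAsset:
    name: str
    cves: tuple                # known CVE ids for the firmware (constructed placeholders)
    patchable: bool            # a vendor fix exists that the team can apply
    patched: bool              # the fix has already been applied
    internet_exposed: bool     # reachable from the internet
    external_dependency: bool  # relies on, and is reachable from, an outside system
    access_monitored: bool     # remote/contractor access is logged and reviewed

def vuln_state(a: OTAsset) -> str:
    """Place an asset in one of the four buckets the article uses."""
    if not a.cves:
        return "no_cves"
    if a.patched:
        return "patched"
    return "patchable" if a.patchable else "unpatchable"

def breakdown(assets) -> dict:
    """Share of the inventory in each bucket, as whole-number percentages."""
    counts = Counter(vuln_state(a) for a in assets)
    return {k: round(100 * v / len(assets)) for k, v in counts.items()}

def risk_score(a: OTAsset) -> int:
    """Rank by the three questions plus patchability; higher means handle first."""
    score = {"unpatchable": 3, "patchable": 2}.get(vuln_state(a), 0)
    score += 3 if a.internet_exposed else 0
    if a.external_dependency:
        score += 1 if a.access_monitored else 3  # reachable, but nobody would notice
    return score

def triage(assets) -> list:
    """Asset names ordered from most to least urgent (stable for equal scores)."""
    return [a.name for a in sorted(assets, key=risk_score, reverse=True)]

# Constructed inventory for illustration; not real device data.
INVENTORY = [
    OTAsset("plc-line-1", ("CVE-PLACEHOLDER-1",), False, False, True, True, False),
    OTAsset("hmi-control-room", ("CVE-PLACEHOLDER-2",), True, False, False, True, True),
    OTAsset("rtu-substation-a", ("CVE-PLACEHOLDER-3",), True, True, False, False, True),
    OTAsset("historian-db", (), True, False, True, True, True),
    OTAsset("sensor-gateway", ("CVE-PLACEHOLDER-4",), False, False, False, False, True),
]

if __name__ == "__main__":
    print(breakdown(INVENTORY))
    print(triage(INVENTORY))
```

The unpatchable, internet-exposed PLC with unmonitored external access ranks first; the patched RTU ranks last even though it carries a CVE.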

By leveraging the latest data and insights, and by empowering OT and IT security teams to work together in a converged security operations center (SOC) that presents a unified front against evolving threats, companies can maximize their resources while gaining a comprehensive view of vulnerabilities.

This way, a converged SOC taps into the strengths of both teams, creating a streamlined, cost-effective approach to enterprise security. A unified SOC with end-to-end visibility from IT into OT, combined with zero-trust networking, offers a strong layer of defense against critical infrastructure threats.

To further address IoT and OT security threats, governments and industry are advancing multiple standards and policy initiatives. As the market changes, governments are moving toward mandatory requirements, where noncompliance could result in losing access to a market segment or financial penalties. These requirements will create significant market pressure on IoT and OT device manufacturers to adopt cybersecurity best practices.

David Atch, principal security research manager, Microsoft