Skip to content

Critical Infrastructure’s Silent Threat: Part 3 – Protecting PLCs and Their Environment

Part 3: Protecting PLCs and Their Environment

For many years, PLCs have been insecure by design. Several years into customizing and applying best practices from IT gave rise to secure protocols, encrypted communications, network segmentation, and so on. However, PLCs programming is still done without security in mind.

PLC secure coding practices leverage natively available functionality in the PLC. Implementing these practices requires little to no extra hardware or software. They can be incorporated into the typical PLC operating and programming workflow. The implementation requires security expertise and solid knowledge of the PLCs that need to be safeguarded, their logic, and the underlying process.

Continue reading

Critical Infrastructure’s Silent Threat: Part 2 – Understanding PLCs

Part 2: Decoding the Complexity of PLCs

In part one of this series we explained how Programmable Logic Controllers (PLCs) have become key targets for cyber security attacks due to their legacy design, lack of built-in security features, and susceptibility to malware, and how newer PLCs are starting to incorporate more robust security features to help protect against these threats.

Before we can understand how PLCs can be targeted in attacks, we need to understand what they are, how they work and what can be targeted.

Continue reading

The Rise of Iran-Sponsored Threat Actors

In mid-summer of 2022, Albania accused the Iranian government of targeting them with a series of major cyberattacks. The attacks, which targeted government servers and online portals, raised alarms about the increasing expertise and audacity of Iranian-sponsored advanced persistent threat (APT) actors. Although many specifics about the attacks are still unknown, the FBI and other international observers believe that the Iranian government first breached the networks of the Albanian government by using phishing emails and malware as early as 14 months before launching the full attack. After gaining access, the attackers were able to penetrate deeper into the systems to obtain sensitive information and cause disruption to government operations.

Continue reading

Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice. 

SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important.

The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well.

One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you still are probably not starting from scratch.

Enter the so-called expert from IT.

Integration Between OT and IT Is Essential

As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade or a cyber security solution. They proceed to scan every device on the OT network with a tool not-quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers.

We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.)

However, as the integration of IT and OT systems becomes increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well.

IT systems are usually more mature, based on common operating systems such as Windows OS or Linux, and have more options available. OT systems on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission.

Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.

Identify Your Specific Use Case

Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and ensure that your chosen vendor is able to meet those needs

A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems. This means that the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow for forensic analysis to be conducted across both systems if needed. Third, remote users that are authenticated by the IT systems, may need access to OT systems as well. Therefore, a proper solution will allow a way for users logging on remotely to get the access they need at the correct level of authorization.

This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.

Increased Visibility And Other OT Needs

In addition to the OT/IT integration, there are many other things to look for in an OT solution. Including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage and shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well. 

So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together.

To get more advice and information about choosing an OT cyber security solution, download our complementary guide.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Navigating the Changing Landscape of OT Security in the New Year

It’s become somewhat of a ritual at the beginning of every year, (almost) every company comes up with a review of the past year, and an attempt to forecast what the next 12 months will bring. This year is more challenging than ever. Not only are geopolitical tensions and conflicts at an all-time high but there’s a lot of uncertainty due to the bear markets and the almost inevitable recession that is lurking.

2022 was a year of incredible growth and evolution for OT cyber security. If there is one word that sums up the past year in my mind, it is “change.”

Continue reading


Click one of our contacts below to chat on WhatsApp