IoT and OT Security Handbook

Product type: Book
Published in: Mar 2023
Publisher: Packt
ISBN-13: 9781804619803
Pages: 172 pages
Edition: 1st Edition
Authors (2): Smita Jain, Vasantha Lakshmi

Table of Contents (16 Chapters)

Preface
1. Part 1: Understand the Challenges in IoT/OT Security and Common Attacks
2. Chapter 1: Addressing Cybersecurity in the Age of Industry 4.0
3. Chapter 2: Delving into Network Segmentation-Based Reference Architecture – the Purdue Model
4. Chapter 3: Common Attacks on IoT/OT Environments
5. Part 2: How Microsoft Defender for IoT Can Address the Open Challenges in the Connected World We Live in Today
6. Chapter 4: What Is Microsoft Defender for IoT?
7. Chapter 5: How Does Microsoft Defender for IoT Fit into Your OT/IoT Environment/Architecture?
8. Chapter 6: How Do the Microsoft Defender for IoT Features Help in Addressing Open Challenges?
9. Part 3: Best Practices to Achieve Continuous Monitoring, Vulnerability Management, Threat Monitoring and Hunting, and to Align the Business Model Toward Zero Trust
10. Chapter 7: Asset Inventory
11. Chapter 8: Continuous Monitoring
12. Chapter 9: Vulnerability Management and Threat Monitoring
13. Chapter 10: Zero Trust Architecture and the NIST Cybersecurity Framework
14. Index
15. Other Books You May Enjoy

Common Attacks on IoT/OT Environments

OT is a critical network segment of businesses. OT deals with critical business processes and industrial operations. In a wide range of industries, such as manufacturing, chemical, oil and gas, and power, OT uses specialized technologies to run assembly processes, production, floor operations, and energy grids. Over the years, processes in this segment have been automated by using OT, ICS, and SCADA systems, and fully automated plants have been attained in some industries, thus enabling agile, faster production.

All these OT operations were traditionally independent internal networks without any connectivity to the internet or corporate networks, and all OT operations used to be managed by an OT operations team. These industrial plants help businesses make millions of dollars worth of goods/services. Critical IT/OT infrastructure, which supplies water or power, helps the masses to get clean water and electricity...

Why do we see frequent attacks on the OT/IoT environment?

To unearth the truth regarding why IoT and OT are being attacked more now, let us understand the underlying cause that has left systems more vulnerable and attack-prone.

Diminishing airgap

Keeping a network physically disconnected from other networks is a security control that organizations relied on in the past. Such a disconnected network is called an airgapped network.

An airgap was never a complete security solution, but network segmentation did pose a few challenges to the attacker.

OT networks were never completely airgapped. A vendor would connect their laptop to an OT network while that same laptop had a dongle attached for internet access. Industrial Control Systems (ICS) and firmware were being upgraded remotely. All of this was happening without the organization being aware of these malpractices. IT/OT convergence increased the attack surface drastically and opened new attack paths.

Fully automated plants further encouraged businesses to utilize AI and ML to further...

Who performs attacks on OT/IoT systems and how and why do they do it?

The growing digitalization of organizations and IoT/OT convergence have brought new responsibilities for chief information security officers (CISOs)/chief risk officers (CROs). They should address these and prepare for the risk posed by internet-connected devices. Now, the question arises: why do we see frequent attacks on OT/IoT environments? This question can be answered in various ways, in terms of the intent of attackers, the known weaknesses, easy access, and the minimal cost of executing attacks. Before we venture to understand hackers’ motivations, it is also particularly important to understand a little bit about cyber warfare.

Cyber warfare is defined as techniques, tactics, and procedures used during a cyber war by state-sponsored hackers. There are plenty of these techniques available. Some important ones are described here:

  • Espionage: Spying or using spies to steal secrets from another...

Famous OT attacks

Cyberattacks on critical infrastructure can be catastrophic and even fatal. Let us look at some attacks that have occurred in the recent past and how they have affected the industry and the people involved.

The Triton attack

When we recount critical infrastructure attacks in the recent past, we cannot miss the Triton attack, which happened in 2017. This nation-state attack on ICS happened in the Middle East on Schneider’s Triconex safety systems in a petrochemical plant. This attack on a safety instrumented system, using malicious code that could eventually have led to the release of toxic gas, was one of a kind and could have been fatal to human life.

Now, how did the attacker gain access to the network in the first place in order to execute this code remotely? You will not be surprised to find out that the action started with a spear-phishing campaign.

Figure 3.2 illustrates this attack in a diagram for a better understanding of the steps that could have...

How do these attacks impact businesses and humans?

We have, so far, seen some of the impactful attacks in the OT world and have managed to pick up some lessons from each of them. Most of them point us in the same direction: toward finding a stable solution that can be applied to both the IT and OT worlds. We have seen some of the amazing benefits of the convergence of IT and OT with Industry 4.0 and how it impacts businesses, thrusting them forward toward success in the data and AI worlds. However, when fast-paced digital transformation is not intertwined with the right security and monitoring, it ends up hampering businesses. We have also learned from previous attacks that the impact on the OT world is visible not only on the business (monetary or reputation loss) but also, unfortunately, on human lives.

It is especially important to understand the risk appetite of any organization. Based on this, they can focus on how to improve their IT/OT security...

Summary

OT attacks are critical and have leaned more toward nation-state attacks; hence, it is crucial to have an overall security system, a zero-trust (ZT) approach, and a defined risk mitigation approach, built on a versatile asset discovery approach. In the next chapters, we will learn how to implement all of these (security, a ZT approach, risk mitigation techniques, asset discovery, and so on), with a particular focus on OT/IoT security with Microsoft Defender for IoT.
