Exploitable Vulnerabilities Hidden Deep in OT

Stage 2

A common topic in the field of OT cybersecurity is “insecure by design.” OT systems have a much longer lifespan than IT assets. Automation vendors designed and architected legacy systems, some of which have been in service for over 30 years, before cybersecurity was a concern. They contain design flaws attackers can use to access the systems. To mitigate “insecure by design” cyber risks, owner-operators are currently focused on strengthening physical and perimeter security to make it harder for threat actors to access and exploit their systems.

However, there is another type of vulnerability that organizations must also consider in their OT cybersecurity strategy, which can be termed “delicate by design.” Many OT systems contain idiosyncrasies in their configuration schema that increasingly sophisticated attackers can exploit to shut down a control system and even cause physical damage. The risk posed by these attributes has grown as state-sponsored threat actors deepen their knowledge of OT systems.

In 25 years of business, PAS has collected data from thousands of control systems. PAS recently completed a statistical analysis of over 50,000 assets to identify common “delicate by design” attributes that increase cybersecurity risks. In this session, Mark Carrigan will discuss:

– “Delicate by design” characteristics found in OT systems today

– Examples of how an attacker can exploit these issues to cause physical damage

– Actions you can take to mitigate the risk associated with these design issues

Attacks and Attackers Secure Design & Dev