| Excerpt below from full article posted here: https://mixmode.ai/blog/operational-technology-risk-attack-paths-challenges-and-protection-for-vital-industrial-systems What is Operational Technology?
OT is defined as the hardware and software that keeps power plants running, manages factory process lines, and works together to achieve an industrial objective such as manufacturing, transportation of matter, the generation of energy, etc. In the context of network security, one of the biggest blind spots to a typical factory operation is the manufacturing line or factory floor. In many production lines there are smart tools to control devices that are frequently overlooked as threats to the network. Who has access to the operations beyond the factory walls? Third-party vendors, contractors and vendors create risk. Which supplier is able to connect to your OT environment? What is transmitted? Is it secured? Supply-chain attacks have dramatically changed the attack surface of the manufacturing network in the past few years, with more suppliers and service providers touching sensitive data via the (Industrial Internet of Things (IIoT) than ever before. OT Attack Paths Adversaries are always looking for new methods to attack networks with sensitive or proprietary data. For OT, NTTSecurity identifies potential attack paths as: -Uncontrolled maintenance access to machines
-Unpatched control servers, PLCs, CPUs
-Non-hardened OS components
-Hardcoded usernames & passwords
-Web-based access without security
-Missing network segmentation, unknown data flow
-Unprotected gateways Leading to the following possible impacts: -Loss of production (denial of service)
-Manipulation of production processes
-Theft of Intellectual Property (IP)
-Lateral Movement
-Environmental influences
-Safety issues and/or destruction of machinery |