For a very long time in the Operational Technology world, when we thought about securing our industrial networks, we turned to the idea of deploying them behind a nice "Air Gap": keeping these networks physically isolated from the rest of the planet, with no connection to the internet or to the corporate IT network, living in little private bubbles, safe from faceless attacks launched by any number of threat actors across the internet.

Of course, time after time, attackers have proven that such air gaps can be bridged far more easily than we assumed - through infected removable media, a vendor's maintenance laptop, a forgotten dial-in modem or a cellular gateway nobody documented - opening the floodgates to a host of potential threats against these "juicy systems". These attacks have not only caught even the most seasoned experts by surprise, but have also provided deep insights into the ingenuity of these attackers and the ease with which they can extract confidential information and disrupt the availability of the systems they reach.

This, paired with the advent of the IoT wave - the "Internet of Things" paradigm - where the main use case is having everything reachable from the convenience of our phones or over our browsers, spelled the end of the elusive Air Gap™ as the catch-all solution for our industrial security needs. Suddenly, we found ourselves setting up passwords for our HVAC systems (or worse, just rolling with the manufacturer's default credentials and security options).

This also smashed our unprepared OT networks face first into the well-known cyber security problems of the IT realm, forcing IT and OT teams to finally bridge their own organizational air gap and join efforts to implement proper, modern security controls in our industrial system networks.

Threat intelligence & red teaming

In the specific case of physical building systems, one can infer a clear need for integrity, confidentiality and availability with respect to the building's own access control, alarm, safety, automation and control systems - with the caveat, typical of OT, that integrity and availability usually outrank confidentiality, since a tampered safety system or an unavailable access control system has immediate physical consequences. Any failure in one of these crucial systems would compromise the overall security of, at the very least, the physical asset itself, and at worst the humans inhabiting it.

Sometimes, when we think of "building security", we visualize alarm systems, guards and CCTV circuits, while failing to see how important the network perimeter - the boundary between the internet and our remote access to these systems - has become. Anyone who has set up a smart home, an access control system or a remotely monitored alarm system has probably had this ominous realization at some point.

Not only do we, as defenders, have to be at the top of our game to keep these systems secure; we also have to be aware of the current threat landscape and of the tactics, techniques and procedures of attackers, so we can constantly test our own defenses and keep making it harder - or at least more costly - for attackers to seize our assets. Threat intelligence then becomes an important tool in our cyber security defense arsenal, along with the red teaming perspective that puts that intelligence to the test against our own environment.

But what exactly do these attacks look like from the attacker's side? And which scenarios should we be aware of, in order to deepen our understanding of our cyber security needs?

Tune into our talk at RecoTech next week to learn a bit more and get a 20% discount on matchmaking tickets with our code RECOTECH-KPMG20.

More information:

Alberto Zorilla
Senior Cyber Security Specialist