If you’ve found this article interesting, please visit and follow Radiflow on LinkedIn, where you’ll find a wealth of exclusive content.
In 2015 the electric grid system in western Ukraine was attacked; not by military planes or tanks, or grassroots protesters or terrorists, but by malware known as “BlackEnergy.” It was the first known cyberattack against a power grid that resulted in a blackout.
The specific BlackEnergy malware deployed against the Ukrainian electric grid targeted the grid’s ICS (industrial control system). It shut down critical ICS software and corrupted it to prevent a restart. The blackout affected over 200,000 customers for several hours.
OT Security Today
Today, industrial facilities around the world control their OT (operational technology) systems, including ICSs, through automation networks. At the same time they seek greater visibility into their plant operations, better coordination and interoperability, and more automation.
But the fact is the OT systems in many of these factories, power plants, chemical plants, and other industrial facilities are no more protected from malware than Ukraine’s electric grid was in 2015.
The problem begins with differences in mindset between OT designers and operators and their IT counterparts. Previously, OT systems were designed for efficiency, productivity, and worker safety. There was little regard for data security. And because most OT systems were self-contained and isolated from the plant’s data networks, there was little incentive to design for security.
The convergence of OT and IT has given hackers a much broader “attack surface.” There are now new ways they can infiltrate a company’s systems and damage its operations and reputation. Whether motivated by mischief, greed, a desire for unfair competitive advantage, or geopolitics, hackers can put industrial machines and entire plants out of commission.
Because of today’s emphasis on lean manufacturing, businesses often lack the equipment or personnel to take up the slack when a production line has fallen prey to a cyberattack.
OT Risk Assessment: Your Key to OT Security
Many companies are finally acknowledging they have an OT security problem.
A good first step in identifying the scope of that problem is conducting an OT cyber risk assessment. This assessment reveals the vulnerabilities in your OT environment and can be used to determine a course of corrective action.
An assessment should consist of, at a minimum:
- Identification of OT assets – all hardware, software, and connected machines are identified and characterized, along with any interconnections or integration points among systems and between OT and IT systems.
- Vulnerability assessment – each asset is analyzed to identify its security vulnerabilities. The analysis covers, as applicable, the operating system, application software, communications protocols, hardware interfaces, and more
- Threat landscape model – vulnerabilities are matched with known malware and intrusion threats. This provides an assessment of the likelihood of a cyberattack.
- Overall risk assessment –the vulnerability and threat assessments inform the overall risk assessment, which shows where the greatest risks are. This helps prioritize corrective actions.
There is no one-size-fits-all when it comes to OT risk assessment. Each industry (electric power, process manufacturing, renewable energy, water, and wastewater, etc.) has different characteristics, so the risk assessment should be tailored to the specific plant or facility.
The OT Risk Management Plan
The result of the security assessment should be a plan of action, prioritized according to risk, the business should take to protect itself. But the actions a company takes in response to an OT security assessment are not limited to mitigating immediate security vulnerabilities.
OT security is an ongoing activity that includes:
ICS asset management – An ICS asset management system tracks your ICS systems and components and the security status of each. It identifies when new components are added to the environment. In this way, operators have instant access to information about the security of their OT systems.
OT monitoring – Like its IT counterpart, OT monitoring systems guard your OT environment, identifying attacks when they occur and alerting security personnel.
Get Professional Help with your OT Security Assessment
An OT security assessment is not a do-it-yourself project. In many cases, OT systems are owned and maintained by operations staff, not IT staff. Most operations personnel lack the knowledge and skills to perform an effective security assessment. This makes it all the more important to bring in outside consultants specializing in OT risk.
Radiflow launched its cyber industrial automated risk analysis (CIARA) platform in 2020 for exactly this purpose. As one of the first risk analysis platforms based on the ISA/IEC 62443 framework, CIARA was designed around emerging best practice for risk modeling and management. It’s the first fully automated tool for assets data collection, data-driven analysis and transparent risk metrics calculation, including risk scoring per zone and business process based on business impact.
At Radiflow, we believe the most important steps toward securing your systems are taken before a threat is identified. There should be no compromise on ICS or OT security, but you can’t protect what you can’t see, and you can’t manage what you don’t know.
Radiflow’s renowned team of cybersecurity experts has taken the guesswork out of OT security by empowering our customers with actionable data. If you’re ready for industrial threat detection and risk management decisions backed by research and led by innovation, contact us today. You’ll benefit from a diverse team of cyber experts who can assess your cybersecurity readiness and offer the solutions necessary to protect your operations.