                        Cyber Attacks: Assume They’re Already in the OT

                        Written by Paul Robertson

                        The day has come: the adage of “assume they’re already in and will stay in” applies not only to IT networks, but to OT networks as well.

                        Not all intruders go straight to a visible attack. High-level intruders exploit vulnerabilities, then set up conditions to maintain a state of compromise, especially in the event of detection. We call this persistence. Once an attacker has persistence, they are free to disrupt operations at a time of their choosing. While we would obviously rather stop the intrusion, we must also be prepared to maintain operations, or quickly restore them, if an attacker is successful. Many facilities and pieces of equipment are physically remote, which is an advantage in that they are harder to reach for a physical attack, but a disadvantage in that they are harder to manage and monitor cost-effectively.

                        Production Operational Technology (OT) networks were designed and built to run production processes, and many were built before Internet connections were a normal everyday occurrence. As such, protections were built around life and process safety, not computer and network security. Because of this, securing these systems is a bolt-on, after-the-fact exercise. After what may be years of focus elsewhere, the safest assumption to make about electronic “cyber” vulnerabilities is that the equipment and networks are already compromised.

                        If your defenses, future plans, processes and procedures all assume that attackers have already been somewhat successful, then the protections you put in place will be resilient against not only new attacks, but existing problems as well. This means your operational processes are more likely to remain unaffected by an attack or error than if you take the traditional approach of perimeter hardening alone.

                        In the Ukraine power grid event in December 2015, one of the lessons learned was that the malware toolkit was embedded in several of the process control networks, resident and undetected. We’ve seen supply-chain firmware attacks on customers’ Programmable Logic Controllers (PLCs) that were detected after system installation. If we start with the premise of a compromised environment, we can engineer robust protections and detections that allow the best chance of both detecting problems and stopping malice.

                        While we must also deal with difficult updates, long maintenance cycles, short staffing, minimal budgets and an emerging hostile set of attackers learning more about OT networks and equipment, it’s in your best interest to “assume they’re already in and will stay in.”
