Do You Know the Cybersecurity Risks Hiding in Operational Technology?

Systems like climate control, access control, lighting, video surveillance, aspects of electrical infrastructure and more can pose significant cybersecurity threats to an institution’s network.

CI Staff

By now, business technology officials should we well aware of the cybersecurity risks that exist when various devices are connected to a business’s network. But are they aware of the risks operational technology poses to a network?

A recent Campus Safety Magazine article defines operational technology as hardware or software that controls physical devices or processes in a building.

For many institutions, that includes systems like climate control, access control, lighting, video surveillance, aspects of electrical infrastructure and more.

According to Jon Williamson, a communications officer with Schneider Electric, security managers need to assess the cybersecurity measures they have in place for OT systems in order to prevent cybersecurity attacks.

Here are some threats security managers need to be aware of when it comes to OT systems:

  • Many OT systems are insecure by design: “There’s still a lot of maturing that needs to be done when it comes to OT building automation controls, typically things like temperature control, lighting control, access control, video,” Williamson says. “While it may sound funny, some of the physical security systems like access control are actually behind the climate control systems from a cybersecurity standpoint.”
  • Be very aware of IoT threats: Security managers should look at every device that’s connected to their network as an opportunity for hackers to launch an attack.
    “We’ve had smart and connected devices for years, but what’s happening is more and more devices are becoming smart and connected,” Williamson explains. “So now we’re seeing trash cans and bicycles that are smart and connected, but you’ve got to be mindful of those devices being a new attack vector. It’s worth asking, ‘Do I really need this device smart and connected or can this be handled locally, away from the cloud?'”
  • Keep systems’ online footprint low: Institutions using OT systems, particularly universities with their transient population, should seek to lower their systems’ online footprint as much as possible.

Williamson shares the following tips to improving OT system security:

  • Change passwords regularly
  • Update systems
  • Educate employees
  • Put protections in place during the installation of systems
  • Monitor OT systems for hacks
  • Check login information, look for both successful and failed attempts and other unusual activity
  • Pay special attention to remote connections that occur at odd times (an efficient way to recognize cyberattacks)
  • Monitor services that offer anomaly protection (especially useful for alerting officials if something doesn’t seem right)
  • Define agreements with security contractors and know who is responsible for scanning OT systems

For more information regarding operational technology cybersecurity vulnerabilities, click here.

Also See: 3 Tips to Improving BYOD Deployment in Commercial Businesses