T SECURITY RISKS
EING INTRODUCED
S IT AND OT
ORKS CONVERGE?
///////////////////////////////////////////////
urity risks
ge? Here is
of Product
ical separations
. In the last 20
sed directly to
sensors to retrieve
rollers and USB
are, for example.
ed cybersecurity
iticality of services
ks have become
tive to hack and
isible in the growing
ed exploit kits, easily
cy technology
ptions such as
designed to attack
facing OT networks
ulnerability and
20 revealed that
ERT advisories
2018 to 2019. And
ergence of corporate
tworks, threats
ts present a greater
danger than ever before. Vulnerabilities and
security issues within both environments
can give an attacker a foothold, as well as
opportunities for lateral movement.
One of the most significant OT
vulnerabilities published in 2019, with
a 10/10 severity level, was ICSA-19-
043-033, which warned about several
vulnerabilities within WibuKey’s digital rights
management product. This vulnerability
allows privilege escalation and has remote
code execution (RCE) attributes: if exploited,
the attacker could take control of the
affected control and monitoring system.
Considering how OT devices are increasingly
connected to the wider business’ IT
environment, this vulnerability highlights
the pressing need for organisations with
OT networks to improve the security which
surrounds their critical infrastructure.
To tackle threats to hybrid IT-OT networks,
organisations need to build a united view
of their hybrid network infrastructure so
that they are able to understand network
context with holistic network modeling and
mapping, confirm effective controls through
firewall and access control systems, identify
vulnerabilities and effectively prioritise
patching. It’s far from a simple task but
the need for improved protections for
organisations with OT infrastructure
cannot be clearer.
www.intelligentcio.com