Interview With Almog Apirion , CEO And Co-Founder of Cyolo

Through trustless, agnostic software, Cyolo gives security leaders the controls to safely provide asset access — not broad network access — to on-premises, remote, and third-party users.

1. How does the increasing convergence of IT and OT systems, along with the growing adoption of internet-connected devices (IIoT) in critical infrastructure, specifically complicate OT security efforts?

The convergence of IT and OT creates a variety of unique challenges, including integration hurdles. Security teams may struggle to seamlessly integrate security controls and monitoring tools across these historically disparate environments, potentially leaving security gaps. The traditional siloed approach to IT and OT security creates another obstacle. The continued lack of collaboration between these teams makes it difficult to develop and implement a unified security strategy that effectively addresses the unique challenges of a converged IT/OT environment.

This convergence introduces several security risks. OT systems are usually legacy-based, making them incompatible with common security tools. These outdated systems often lack modern security features and are difficult to patch, creating vulnerabilities that attackers can exploit.

IT and OT have different priorities as well. IT security traditionally focuses on confidentiality of data, while OT security prioritizes the availability and safety of critical infrastructure. This difference in priorities can create friction when developing a unified security strategy.

With the influx of IIoT devices in converging environments adds another layer of risk. These devices often have weak security features and may be poorly patched, creating vulnerabilities that attackers can exploit to gain a foothold in the network.

2. Can you elaborate on specific examples of how security vulnerabilities in OT systems have translated into real-world safety hazards for workers in critical infrastructure sectors (e.g., power generation, water treatment)?

Cyberattacks in OT settings can pose a significant threat to physical safety. Malicious actors, and even human errors, can affect the safety of workers. For example, if hackers infiltrate devices and disrupt critical infrastructure like water treatment plants or power grids, it can cause widespread harm to fieldworkers and communities. Unauthorized access to industrial machinery, like robots, boilers or blast furnaces, can cause malfunctions that seriously injure workers.

For example, a water treatment plant might be vulnerable to a cyberattack that gains unauthorized access to its Programmable Logic Controllers (PLCs) – which enable communication through specialized protocols. By altering settings or disrupting chemical dosing systems, attackers could contaminate the water supply, exposing workers at the plant to hazardous chemicals or potentially causing downstream health risks for the community.

In the case of gas pipelines, a cyberattack targeting the control systems could lead to disruptions or malfunctions, potentially causing leaks or explosions that put workers maintaining the pipelines at significant risk.

3. Given limited resources, which 2-3 components of OT security should critical infrastructure enterprises focus on first to establish the strongest possible foundation for cyber-physical safety?

Critical infrastructure enterprises should focus on these 2-3 core components of OT security to establish a strong foundation for cyber-physical safety:

• Defensible Architecture: A fully defensible architecture includes visibility and enforcement mechanisms to bridge human and technological aspects of security. Prioritizing segmentation within limited resources is also key. Segmentation, such as the Purdue Model, isolates critical systems from non-essential systems and the internet, reducing the attack surface and limiting the potential impact of a cyberattack.
• Remote Access Security: In today’s hybrid work environments, securing remote access from both internal and external parties – including contacts, OEM vendors and security vendors – to OT systems is crucial. Enforcing stringent access controls like continuous authentication and authorization helps prevent unauthorized access and malicious actions that could compromise safety.
• Risk-Based Vulnerability Management: This prioritizes addressing vulnerabilities based on their potential to disrupt operations and endanger physical safety. It maximizes the effectiveness of limited resources by focusing on the most critical issues first. It enables enterprises to identify and patch vulnerabilities that could be exploited to manipulate control systems and cause physical harm.

By focusing on these  components of OT security, critical infrastructure enterprises can establish a strong foundation for cyber-physical safety, even with limited resources.

They address the most critical vulnerabilities and empower enterprises with unsurpassed visibility and control of critical digital assets.