What makes operational technology (OT) particularly vulnerable to cyber attacks?
PLCs and other 30-year-old equipment are running Windows CE or Windows 95, which can't be changed. You can't put EDR on them because it doesn't take an agent, so what do you do? You either have to take it off the network, put it in its own VLAN or segment it off the network to keep it from talking to anything. I always hear that the bad guys are just sitting in your network waiting, and it frustrates the heck out of me. That's why I came to Air Gap because we ring-fence every device on the network, and we're doing that for operational technology (OT) environments.
But another factor is that at many manufacturing companies, there's an OT team and an IT team that are in conflict with each other all the time. The OT lead will say, "The IT team doesn't get it because our machines are running protocols that no longer exist in the IT world." OT is running ISA cards in the machines and IT is telling them to upgrade to USB. But OT says, "No, because that will break the manufacturing line and then it will be your fault when production is down." It's an interesting problem to solve: how can we get IT and OT to start working together, or be one group? It's not easy.
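The "ring-fence every device" approach in the answer above is, in practice, a default-deny allowlist between the OT cell and everything else. As an added example (not part of the original post, and not Air Gap's or any vendor's code), here is that policy expressed as a small evaluator that can be run over flow records to find anything talking to the PLC segment that the policy does not permit. The zone names, subnets, allowed ports and flow lines are all constructed for illustration.

```python
"""Default-deny ring-fence policy for a legacy OT segment, checked against flow records.

Added illustration, not code from the original post or from any product.
All zones, subnets, rules and flow lines below are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

OT_ZONE = "ot_plc"

# Constructed zone map: which subnets belong to which zone.
ZONES = {
    "corp_it": [ip_network("10.0.0.0/16")],          # general corporate IT
    "eng_ws": [ip_network("10.20.1.0/24")],          # engineering workstation VLAN
    OT_ZONE: [ip_network("192.168.50.0/24")],        # unpatchable PLCs / HMIs
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


# Constructed ring-fence policy: only the engineering VLAN may reach the PLC
# segment, and only over the industrial protocol ports it actually needs.
# Any other flow that touches the OT zone, in either direction, is denied.
ALLOW = [
    Rule("eng_ws", OT_ZONE, "tcp", 502),    # Modbus/TCP from engineering to PLCs
    Rule("eng_ws", OT_ZONE, "tcp", 44818),  # EtherNet/IP explicit messaging
    Rule(OT_ZONE, OT_ZONE, "tcp", 502),     # PLC-to-PLC polling inside the cell
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything unmapped is 'unknown' (and so denied)."""
    addr = ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in net for net in nets):
            return zone
    return "unknown"


def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Return 'allow', 'deny', or 'not_ot' (flow never touches the OT segment)."""
    sz, dz = zone_of(src), zone_of(dst)
    if OT_ZONE not in (sz, dz):
        return "not_ot"
    for rule in ALLOW:
        if (rule.src_zone, rule.dst_zone, rule.proto, rule.dport) == (sz, dz, proto, dport):
            return "allow"
    return "deny"  # default deny: no matching rule for a flow touching OT


def parse_flow(line: str) -> tuple[str, str, str, int]:
    """Parse a constructed flow-log line of the form 'SRC -> DST PROTO/DPORT'."""
    src, _arrow, dst, service = line.split()
    proto, dport = service.split("/")
    return src, dst, proto, int(dport)


def audit(lines: list[str]) -> list[tuple[str, str]]:
    """Evaluate every flow line and return (line, verdict) pairs."""
    return [(line, evaluate(*parse_flow(line))) for line in lines]


# Constructed flow records, roughly what a switch span or NetFlow export would show.
SAMPLE_FLOWS = [
    "10.20.1.15 -> 192.168.50.12 tcp/502",     # engineering WS polling a PLC: allow
    "10.0.5.7 -> 192.168.50.12 tcp/445",       # SMB from corporate IT to a PLC: deny
    "192.168.50.12 -> 10.0.9.3 tcp/443",       # PLC reaching out to corp: deny
    "10.0.5.7 -> 10.0.8.8 tcp/445",            # IT-to-IT, outside the ring-fence: not_ot
    "10.20.1.15 -> 192.168.50.12 tcp/22",      # right zone, port not in policy: deny
    "192.168.50.13 -> 192.168.50.12 tcp/502",  # PLC-to-PLC Modbus inside the cell: allow
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:7s} {line}")
```

The second and third flows are the cases the answer is worried about: a host in corporate IT reaching a PLC over SMB, and a PLC initiating a connection outward. Neither matches a rule, so both fall through to the default deny without anyone having to enumerate what "bad" looks like on a box that cannot run an agent. The same table can be used to generate firewall or switch ACLs for the segment boundary and, separately, to audit observed traffic for anything the ACLs should have blocked.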
You often hear that same frustration: why would somebody just be sitting in your network and not doing anything? You’d think that they would be looking around for a way to take action on that endpoint or network. But they could just be an access broker that will wind up selling that access at some point down the road.
It’s because there are so many firms using end-of-life products, especially in the manufacturing sector. They can't be upgraded. The software that was developed years ago is no longer in use anywhere, so you can't even ask for an updated patch. They’re just assuming the risk and operating it, which is pretty common these days.