
Connected and Vulnerable: How to Secure OT and ICS in 2025
Redazione RHC : 22 June 2025 23:08
In today’s interconnected world, cybersecurity is no longer only about protecting information. Most devices and physical equipment are now connected to a network in some way, whether for their normal operation or for remote maintenance and monitoring, and they have become interdependent.
This reality has increased productivity and efficiency, especially in industry, but it has also widened the set of threats that must be addressed in order to reduce both their likelihood and their impact.
Many frameworks and publications on the security of OT and IoT environments in industrial settings already exist; in this contribution we focus on a document produced jointly by several US agencies and organizations.
The document was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA) and the Department of Energy (DOE), which are concerned about the dangers that could arise from a malfunction of the operational technology (OT) and industrial control systems (ICS) of critical infrastructure.
The most basic mitigation measures for securing OT and ICS devices recommended in the document are:
- Remove OT connections from the public internet. A first useful step is to map and identify the assets exposed on public networks and, wherever that exposure is unwanted and unnecessary, remove it. OT equipment generally lacks authentication and access-authorization mechanisms strong enough to counter modern cyber threats, and attackers can use simple, widely available tools to quickly find access on public IPs and from there reach OT devices.
- Immediately change default passwords and use a strong, unique password for each device. This is basic hygiene, recommended even for home devices such as the home Wi-Fi network. Password reuse, where the same credentials are used across different tools, is a serious problem at every level: compromising a single password can then compromise many tools, a one-to-many relationship that greatly benefits cybercriminals.
The analysis carried out when drafting the document found that many systems use default or easily guessable passwords. Rainbow tables and readily available open-source tools make it very easy for attackers to compromise access to operational equipment exposed on the public internet.
- Secure remote access to OT networks. In their risk assessments, many organizations have adopted compromises when implementing security measures and access policies for OT equipment. With the new awareness of the risks associated with OT, these policies should be updated: move these connections to private rather than public IP networks, and use VPNs with strong passwords and phishing-resistant MFA. Organizationally, it is useful to document and adopt policies based on the principle of least privilege for each type of role and user activity, and to maintain a procedure for monitoring and promptly disabling dormant accounts.
- Segment IT and OT networks. This measure reduces the potential impact of threats and the risk of disruption to OT operations, because segmentation limits how far a compromise can spread.
- Maintain manual access and operation. The ability to intervene quickly by taking manual control of devices is fundamental from a disaster recovery and business continuity perspective, since it allows an almost immediate reaction to an incident. Business continuity, disaster recovery, isolation capabilities and backups should be tested regularly to ensure that manual operation is safe in the event of an incident.
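As an added illustration (not from the fact sheet or this article), the following Python script audits a constructed OT asset inventory against three of the measures above: addresses outside an assumed set of approved private OT ranges, default credentials still in place, and accounts dormant for more than 90 days. The inventory, the approved ranges and the 90-day threshold are all assumptions.

```python
import ipaddress
from datetime import date

# Assumed policy: OT assets may only live in these private ranges (RFC 1918).
APPROVED_OT_NETS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DORMANT_DAYS = 90  # assumed threshold for disabling unused accounts

# Constructed sample inventory: one record per asset, with the last login
# date (ISO format) of each local account. Addresses use documentation ranges.
INVENTORY = [
    {"asset": "PLC-01", "ip": "203.0.113.10", "default_password": True,
     "accounts": {"admin": "2025-06-01", "maint": "2024-11-02"}},
    {"asset": "HMI-02", "ip": "10.20.30.5", "default_password": False,
     "accounts": {"operator": "2025-06-20"}},
    {"asset": "RTU-07", "ip": "198.51.100.7", "default_password": False,
     "accounts": {"vendor": "2024-01-15"}},
]


def audit_asset(asset, today, dormant_days=DORMANT_DAYS):
    """Return the list of findings for one asset, each tied to a measure above."""
    findings = []
    addr = ipaddress.ip_address(asset["ip"])
    # Remove OT connections from the public internet: anything outside the
    # approved private ranges is treated as exposed.
    if not any(addr in net for net in APPROVED_OT_NETS):
        findings.append("not-in-approved-ot-range")
    # Change default passwords: the inventory flag records whether this was done.
    if asset["default_password"]:
        findings.append("default-password")
    # Secure remote access: disable accounts that have been dormant too long.
    for user, last_login in asset["accounts"].items():
        idle_days = (today - date.fromisoformat(last_login)).days
        if idle_days > dormant_days:
            findings.append(f"dormant-account:{user}")
    return findings


def audit_inventory(inventory, today_iso):
    """Audit every asset as of the given ISO date; clean assets map to []."""
    today = date.fromisoformat(today_iso)
    return {a["asset"]: audit_asset(a, today) for a in inventory}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, "2025-06-22").items():
        print(name, ", ".join(findings) or "ok")
```

In practice the inventory would be fed from the asset map produced in the first step and the account data from the devices' own user lists or a central directory.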
Organizations should also maintain regular communication with their service and system providers, who can help configure devices in the way most appropriate to the organization's specific security needs. Misconfigurations can occur at any time; keeping communication channels open with suppliers makes these events easier to trace and manage, reducing the likelihood of future problems and vulnerabilities.
These are some basic measures, easy to implement and therefore urgent, that organizations using OT tools and solutions can adopt.
Redazione: The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.