The importance of cyber security in OT sector

The development of digitalization on the OT aspect often doesn’t go as smoothly as on the IT side. Unlike IT, which priority is to update system and security to the latest version, system updates in the OT area can put critical activities at risk at the plant. Nevertheless, adopting various devices as a way to digitalization is inevitable to keep up with the trend and staying relevant.

From this, risks associated with OT arise. Listed below are some examples of conditions that are common on the production floor:

  • Variations of DCS, PLC, and HMI (Human Machine Interface) from various brands.
  • Serial Type PLC configured via PC/laptop plug-in directly into the HMI.
  • The displays of the machines have adapted to digital, but the OS is rarely / never updated to prevent hampered operations in the downtime. OS in the OT area usually still uses an outdated system like WinCE/Win7.
  • Automatic Updates disabled.
  • The OT (factory) will only operate with systems that have been proven stable. Usually, these systems are not the latest and have outdated in-house security standards that require a lot of retrofits (added features).
  • OT control is decentralized and unique per location. Therefore, remote access is impossible when an issue arises.
  • Staff / System Integrators who perform maintenance on OT devices generally do direct plug-ins on-site.

Various international cases emphasize the importance of securing OT along with developing working methods and data exchange. Production shutdown that starts from Ransomware will threaten KPI significantly.

In following the INDI 4.0 standardization and the development of data protection regulations and cloud computing (public) trends, we need to consider that OT area security ideally can provide:

  • Visibility
  • Distinct segmentation: what is accessible to certain staff.
  • Remote secure access for efficiency.

The solution that can be implemented is placing the NGFW appliance at the right point in the OT environment. The type of NGFW must be suitable so as not to hamper the ongoing operational and routine maintenance processes. Protection of production lines from various intrusions can be done in several approaches, either from regular maintenance executioners or from machines that need to be secured.

References:
1) https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-secure-access-ot.pdf
2) https://www.fortinet.com/solutions/industries/scada-industrial-control-systems/what-is-ot-security

Avoid Data Theft Threats with Protection From SQL Injection

With the rapid development of technology that is increasingly leading to cloud computing as a whole, we also need to realize that the types of threats are also growing. The mitigation process of all these threats itself can be very complicated and time-consuming, draining a lot of IT resources which will result in hampered productivity in operational activities that should help the company’s main activities. We can see now that with the availability of various existing HTML5/WordPress services, it is very easy to build an interactive and visually modern web application.

We don’t even need to have our own server for hosting, which is also available for rent from various providers. More sophisticated are the products/instances provided by various cloud providers, where for example we can choose the type of database engine or storage type that is most optimal for current needs with the option for small/large development almost instantaneously. All transactions and module selection can be done online, and a drag-and-drop interface model of content is commonplace. Even with the facilities available, we need to be aware of the risks that can occur. Is it properly protected? It should be realized that if we use other party SaaS applications the entire scope of the backend structure.

Moreover, if our operators do not have good knowledge of cybersecurity and we are completely dependent on the expertise of service providers, this increases the risk of negligence that can lead to data breaches and worse, customer information. The OWAPS annual report indicates threats that we need to consider mitigating especially when developing a web application, especially for companies that enable interactive/semi-interactive communication with customers. We have seen for ourselves with our data must be submitted to mandatory applications recently, the e-KTP data leak is very disturbing for us, the application users.

One of the threats that need to be considered from the INJECTION type is SQL Injection. An example of an SQL Injection event is a web application that requires a login using a UserID-Password. Instead of entering a valid combination, the hacker will enter a SQL command that will “force” the application to check the database against entries and at the same time, perform “snooping” and plagiarism of the database. The information obtained is then used for extortion, trading, or hacking which can cause improper changes to web content. FortiWeb specifically mitigates this risk, along with other threats related to web applications. While the firewall in general will protect our internal network, the features of FortiWeb will protect servers that load web applications, including if they are on a cloud network.

FortiWeb provides advanced WAF, Bot Mitigation, and OpenAPI protection. Topologically, FortiWeb can be placed anywhere as long as routing can be connected to the webserver and client (public). A little further about the advantages that make its status as advanced WAF is the existence of machine learning related to legitimate requests, which will ease the burden on IT personnel to manually make adjustments/patching every time a new legitimate request enters the system.

FortiWeb also has File Upload protection which scans the data we send to the public to be free from hidden malware. However, due to the large variety of web application implementations, of course, there is no one solution that can completely sweep the world at an optimal price.

Contact us ACS Group for further review to maximize the security of your applications and data.