OT Cybersecurity Best Practices for SMBs: How to Remediate External OT Network Connections to the Internet

This is our monthly blog detailing best practices for OT cybersecurity for under-resourced organizations by Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), which provides free resources to help small and medium businesses (SMBs) create or enhance their OT cybersecurity program. The Category and Practice from the “OT-CERT OT Cybersecurity Fundamentals Self-Assessment Survey” is noted for each SMB cybersecurity best practice. Hopefully, you filled out the survey and identified your gaps – these best practices can be implemented to begin to address those gaps. If not, there’s no time like the present – join OT-CERT and get started today!

Larger Organizations Take Note

If you have been increasing your security posture and reduced risk of a significant cyber attack in your enterprise, including your OT environment, that’s excellent news! However, does your risk assessment include the possibility of a cyber attack on one of your critical suppliers, and the impact that would have on your company’s operations? Could you still produce your product or provide services to your customers? Read on to ensure that you are quantifying the likelihood and impact of that risk correctly in light of the current threat environment. And strengthen your supply chain security risk posture by promoting OT-CERT to your suppliers!

How Can I Tell if Devices in My OT Network Are Connected to the Internet?

The easiest way for cyber threats – both intruders and malware – to compromise your OT network is through industrial control systems (ICS) / OT assets exposed directly to the internet. Many organizations believe their OT environment is air-gapped from the Internet, but few really are. In fact, direct Internet connections from OT is a common finding when we do risk assessments, even in larger organizations. Internet connections, browsing, and user-based email provide opportunities for adversaries to find and gain access to industrial systems.

We provide you with a quick method for determining if you are exposed in the table below. Do these steps as soon as possible so you are aware of and can remediate the easiest way for attackers to compromise your industrial systems.

The Dragos Academy module, OT-CERT Jump Start: Practical Guide to ICS/OT Internet Connectivity for Small and Medium Sized Businesses, provides a demonstration for Step 1 below. This module is available to all OT-CERT members.

Stay Up to Date with SMB Cybersecurity Resources: Join Dragos OT-CERT today!

Dragos OT-CERT offers FREE resources to help SMBs build their own manufacturing / OT / industrial control systems (ICS) cybersecurity program without hiring any cybersecurity experts. OT-CERT membership is free and globally available to OT asset owners and operators. Resources are oriented toward small and medium businesses and resource-challenged organizations with OT environments that lack in-house security expertise. Members have access to a growing library of resources such as reports, webinars, training, best practices blogs, assessments, toolkits, tabletop exercises, and more.

Currently available resources include:

• OT Cybersecurity Fundamentals Self-Assessment Survey
• OT Asset Management Toolkit
• Self-Service OT Ransomware Tabletop Exercise Toolkit
• Collection Management Framework for Incident Response
• OT Cybersecurity Incident Response Toolkit
• OT Data Backups Guidance
• Access to an introductory ICS/OT cybersecurity module in Dragos Academy

If you haven’t joined Dragos OT-CERT don’t delay! Membership is open to organizations that own or operate a manufacturing / ICS / OT environment. Please join and spread the word to your community and supply chain so we can all work together to raise the security posture of the entire ecosystem – we are only as strong as our weakest link.

We look forward to working with you to safeguard civilization!