Intellectual Property (IP) theft as a component of broader adversary information operations is an enduring and acknowledged risk, but one which is more often referenced in relation to enterprise IT environments than operational technology (OT) networks. This does not mean that OT networks are somehow immune from this threat. Given that for many OT networks, valuable IP is hardcoded into the processes and operations the networks oversee, options for mitigating risk are somewhat circumscribed by this central reality.
IT and OT networks are increasingly interconnected, a dynamic driven by diverse forces spanning from unprecedented global pandemics to support for broader digital transformations. This increasing interconnectivity blurs the boundaries between these two previously distinct network domains. It has been accompanied by a spillover of threats more generally associated with IT into the OT network space.
IP theft through cyber means is no different. Increasingly robust protections for sensitive information in the enterprise IT realm can create a disparity in information availability and protection between the two domains, and that disparity could drive an adversary to seek in a company’s OT network the sensitive information they are unable to access elsewhere.
Given the potentially high returns on time and effort invested for those adversaries focused on IP theft, it is not surprising that the security community has observed multiple groups targeting networks in pursuit of protected IP for over a decade. While many of these incidents have historically been detected in enterprise IT environments, this disproportion is also influenced by disparities in visibility and monitoring between the two network types. The scope of the incidents is indicative of the extent of the potential threat, and OT networks themselves have not been excluded from adversary targeting and operations. Accordingly, these OT network segments should also be prioritized for incident response (IR) planning, increased visibility, and robust monitoring.
Manufacturing Processes and Information Availability
Dragos assesses with moderate confidence that adversaries are most likely to pursue IP theft in OT environments as part of a broad campaign and that the sensitive information an adversary can acquire from an OT network may not be available in other parts of a company’s network. Within enterprise IT network segments, sensitive IP is increasingly stored offline or within closely guarded network enclaves. In contrast, on the OT side of the network, this IP is likely to be embedded into the processes the OT network manages and may be impossible to separate from the OT network’s operation.
This information includes details on the amounts of inputs or ingredients, and the specifics of the processes applied that transform raw materials into a finished product or substance. Dragos assesses with moderate confidence that network devices which aggregate and store data over longer periods, such as data historians, will remain a logical first target for adversaries targeting IP within OT network environments. This is especially true for networks overseeing continuous and batch manufacturing processes.
Dragos has observed a steady growth in both threat activity and the diversity of industrially focused adversaries since 2017. While defending OT networks and their valuable intellectual property from adversary threats is potentially challenging, there are tools, community resources, and partners positioned to assist companies along this journey.
In our whitepaper, “Intellectual Property Theft in Operational Technology Environments,” we took a deep look into how IP theft impacts industrial control systems (ICS) and OT. The whitepaper looks at the influence that the manufacturing process has on information availability in the following environments:
- Batch Manufacturing
- Continuous Manufacturing
- Discrete Manufacturing
It assesses the implications for asset owners and operators that go beyond information loss and recommends five critical controls for ICS/OT cybersecurity that can help avoid these risks.