Supply Chain Protection in IT and OT Environments with Radiflow Solutions and Safetech Services
By 2030, supply chain compromise of software dependencies and application-level integrations will become the biggest cyber threat facing organizations, according to the European Union Agency for Cybersecurity (ENISA). Supply chains are becoming increasingly vulnerable to cyberattacks that target both IT and OT environments. A survey by Palo Alto Networks showed that, globally, in 2023, 75% of the surveyed industrial organizations detected malicious activity in OT environments, and 25% of them had to suspend their operations.
In 2021, following a ransomware attack on Colonial Pipeline’s digital systems, the activity of the most important oil pipeline in the US was stopped for a few days, forcing the company to pay $4.4 million to resume its operations. More recently, in 2024, U.S. authorities discovered that more than 200 port cranes manufactured in China and installed in U.S. ports were equipped with “backdoor” modems that could be used for data collection.
Romania has not been spared either. In February 2024, a ransomware attack hit the provider of an important hospital management software platform, disrupting activity in 26 hospitals. In the same month, numerous ransomware attacks were carried out through the AnyDesk utility, used by many IT companies to provide remote support services to customers.
Partner ecosystems and supply chains are becoming increasingly complex
Organizations face two major challenges in the supply chain: visibility and management of security risks from third-party vendors. OT operators purchase hardware and software solutions and products from various vendors, including machine builders, manufacturers of physical components, Industrial Internet of Things (IIoT) devices, network equipment, and system integrators, to automate their operations. This diversity increases productivity, but it also comes with risks, as operators do not have complete cyber visibility into these products and services. If these third parties do not implement strict security measures, their products can become attack vectors, giving hackers access to OT networks and assets.
Current Challenges in Supply Chain Protection
Supply chains are increasingly exposed, with hackers exploiting vulnerabilities in software, devices, and networks to compromise operations. These are some of the most common threats:
- Software vulnerabilities: Commercial and open-source software are attractive targets. Thousands of companies can install the same software product from a particular vendor, so malware introduced into such a product can infect numerous networks at once, which makes the attackers' work easier. Malicious software can also infect a vendor’s systems and spread from there to other segments of the supply chain.
- Zero-day vulnerabilities: Attackers discover and exploit unknown (zero-day) vulnerabilities in the software/hardware in the supply chain. These are especially difficult to protect against because there are no patches available yet.
- Supply chain interception: Attackers can infiltrate supply chain communication channels or software updates to inject malware, compromise data, or manipulate orders. This can lead to counterfeit or modified products being introduced into the supply chain. Other consequences include compromising the integrity of hardware components or industrial control systems.
- Phishing and social engineering: Attackers use phishing emails or social engineering strategies to manipulate employees in the supply chain, causing them to disclose sensitive information or download malicious software. The consequences can seriously affect the integrity of the supply chain.
- Data breaches: Critical data breaches in the supply chain lead to the exposure of trade secrets or customer data, which can have serious legal and financial consequences.
- Inadequate security practices in the supply chain, such as weak password policies, lack of regular updates, and insufficient employee training, can lead to vulnerabilities.
- Connections with IT systems: Industrial control systems (controllers, sensors, etc.) as well as devices used for production operations are increasingly connected to the company’s IT network and introduce additional attack vectors.
IT Security vs OT Security at the Supply Chain Level
Following the attack cited at the beginning of this article, the targeted company, Colonial Pipeline, took the extreme measure of shutting down IT to prevent damage from spreading to the OT system. It also paid the ransom in order to be able to resume its activity without additional consequences for the population. The case illustrates that the integration of IT and OT systems has changed the way industrial companies operate. Today, cybersecurity needs to protect both IT systems and critical operational infrastructure.
Traditionally, IT and OT environments have required completely separate approaches to security. For IT, the main assets are PCs, servers and networks, and the main “capital” is data. The role of IT security is to protect the confidentiality of this data, with the help of specific tools, from antivirus and firewall to encryption.
On the other hand, the top priority of OT security is safety and ensuring business continuity. The legacy nature of OT systems has led to the formation of complex networks of software and hardware, industrial elements, and ancillary components. Monitoring and protecting such a large number of items is difficult, given that these systems must always remain online. Unlike IT networks, which can be temporarily shut down for security updates, OT systems do not have this flexibility. The traditional solution has been for OT systems to be developed in the form of silos, in order to be protected from external threats.
The growing need for interconnectivity driven by Industry 4.0, considered the fourth industrial revolution, together with the integration of machine learning and automated processes in industrial technology, has led to the convergence of IT and OT.
Measures and solutions recommended by Safetech Innovations and Radiflow
Safetech Innovations responds to these challenges by partnering with Radiflow and introducing the Radiflow OT Cybersecurity platform in its portfolio. This platform improves the protection of critical infrastructures against cyberattacks, being aligned with the needs of companies in the energy, utilities and manufacturing sectors.
Safetech Innovations and Radiflow propose a series of concrete measures to strengthen the security of the supply chain:
- Risk assessment and management by identifying essential systems/components for operations, understanding potential threats and their impact on the supply chain, but also by regularly assessing hardware/software/process vulnerabilities. Radiflow CIARA supports security teams in proactively managing cyber risks and building resilient operations, by complying with risk management directives and regulations (NIS2, IEC 62443, NIST CSF, etc.).
- Supplier management involves assessing the risks associated with them, including analysing the security posture of suppliers and their products. OT operators must include security requirements in contracts with suppliers and carry out regular audits and assessments to maintain compliance with security standards.
- Secure design and development involves adopting secure coding practices, which ensure that software is developed according to security standards. At the same time, it is necessary to keep the software and firmware updated with the latest security patches.
- Access control, based on the principle of least privilege. Implementing multi-factor authentication (MFA) to access critical systems is essential, and network segmentation limits the spread of potential attacks.
- Monitoring and detection. Continuous monitoring of the OT environment allows unusual activity to be identified. Intrusion Detection Systems (IDS) guarantee a rapid response to security breaches. An incident response plan is also required, which should be developed and updated regularly to adapt to the specifics of the OT environment. Radiflow iSID provides non-intrusive monitoring of critical infrastructure and industrial networks, detecting anomalies in topology and behavior, as well as cyber threats, thus strengthening visibility across the entire OT environment (networks, behaviors, devices, protocols, etc.).
- Supply chain transparency involves traceability, maintaining up-to-date data on the origin and movement of components along the supply chain. It is necessary for OT operators to require suppliers to provide effective security practices and transparency on their supply chains.
- Regularly training employees and raising their awareness of security best practices and threats. Senior management must be trained on the responsibilities imposed by NIS2, including budgeting for security and adopting cybersecurity solutions. In addition, employees must be educated about phishing and social engineering attacks so that they can react appropriately to these threats.
- Regulatory compliance. OT operators must maintain compliance with relevant regulations/standards by conducting regular verification audits. Radiflow CIARA conducts fast and accurate security audits, identifying gaps and non-compliance issues, while evaluating the contribution of mitigation solutions to risk reduction, thus optimizing the security budget for maximum ROI.
- Resilience and redundancy by developing and updating business continuity and disaster recovery plans. It is important for OT operators to implement redundant systems to ensure continuity of operations in the event of failures.
- Collaboration and information sharing by participating in groups and organizations dedicated to information sharing, as well as by collaborating with government agencies to obtain threat intelligence and support.
In direct connection with the above recommendations, Safetech Innovations provides:
- Cybersecurity risk assessment services in IT and OT environments,
- Security assessments and audits,
- Software Application Penetration Testing Services,
- MFA access control solutions,
- Comprehensive services and monitoring and detection systems in the field of cybersecurity,
- Regular training services for employees in the field of cybersecurity.
For more information on securing the supply chain in IT and OT environments with the help of Radiflow OT Cybersecurity and Safetech Innovations, we invite you to contact us by email at sales @ safetech.ro or by phone +40 21 316 0565.