Protecting IoT devices and OT Networks from Cyber Attacks

By Russ Schafer, Head of Product Marketing, Security Platforms

Cyber criminals have taken advantage of the remote work required by the coronavirus by stepping up their attacks on medical, enterprise, and industrial IoT devices and critical infrastructure. Given that 63% of enterprises, 92% of industrial organizations and 82% of health care organizations use IoT, almost every enterprise is exposed. Everything from IP cameras and smart elevators to patient monitors, MRI machines and industrial control systems is connected. Unfortunately, connecting IoT devices to your IT network extends the attack surface and adds entry points for hackers to target. The security risk is real: 67% of enterprises and 82% of healthcare organizations have experienced IoT security incidents.

Check Point’s IoT Cyber Security Solution secures thousands of IoT devices across smart office, smart building, healthcare and industrial environments from network-based and device-level attacks. For more information on our healthcare and enterprise solutions, please sign up for our webinar on Protecting IoT Networks and Devices from Cyber Attacks.

Join the webinar: Preventing Attacks on IoT Devices and Networks

This blog will focus on the security solutions for the Operational Technology (OT) networks and Industrial Control Systems (ICS) that manage our critical infrastructure including oil and gas, manufacturing, transportation, and utilities. You can also learn how to Protect Industrial Control Systems and OT Networks from a Cyber Pandemic from our latest webinar.

Industrial Control Systems (ICS) that Operate Critical Infrastructure

Critical infrastructure includes the water we drink, the electricity that powers our homes, and the transportation that ships cargo around the world by sea, land and air. It dispatches our emergency services and ensures our traffic flows smoothly. It automates the manufacturing of the products we use daily and powers our oil, gas and renewable energy industry. It even controls the building management systems in hospitals, data centers and office buildings. As you can see, an attack on critical infrastructure can impact almost everyone.

Cyber Security Risk is Dramatically Amplified by Coronavirus

Cyber attacks on critical infrastructure increased 2000% in 2019, often damaging critical operations. The remote work required by the coronavirus has amplified the security risk. There is a shortage of critical infrastructure workers due to illness and quarantine, and more employees are working remotely with fewer security barriers on their home networks than they would have in the workplace.

These remote connections have blurred the IT-OT segmentation and expanded the attack surface, providing new entry points for hackers to exploit. If a worker’s laptop is compromised, that has implications for access to both the IT and OT networks, as the attacker can ride on whatever privileges that employee has to move laterally from the IT network to the OT and ICS systems on the production floor. Once in the ICS network, hackers can monitor and manipulate operational components, including reading commands or changing them to shut down operations.

ICS Attack Surface and Frequency of Attacks Expanding

The ICS attack surface and the frequency of attacks are expanding, with 61% of incidents disrupting organizations’ OT and impacting production processes. Securing today’s critical infrastructure against cyber attacks is more challenging than ever before, for a couple of reasons.

First, ICS assets are more vulnerable to attack because many were never meant to be connected to a network. Second, ICS systems are becoming more connected as companies embrace ‘Industry 4.0.’ Industry 4.0 is the combination of traditional manufacturing with the latest technology, including IoT and M2M communications, to enable automated, smart processes.

This has great benefits, but it has expanded the OT and ICS networks to connect tens of thousands of new, intelligent devices – which means thousands of new points of vulnerability. This has continued to blur the line between OT and IT networks, making it easier for hackers to move laterally across the network.

ICS Assets are Inherently Vulnerable

ICS devices run on legacy and proprietary software that was not designed with built-in security. These devices were not originally designed for network connectivity, much less security. They lack sufficient user, data and system authentication capabilities. Their software cannot be updated or patched frequently, due to access limitations, concerns over downtime or the need to re-certify systems.

Windows XP is a primary underlying system for operational technology. Adversaries know the operating system is an Achilles’ heel because it is no longer actively supported by Microsoft, and it is extremely difficult and costly for businesses to update mission-critical devices that run XP. Many of these devices also use weak or hardcoded passwords that are easy to break.

This has made them a prime target for tailored APT attacks, traditional malware, phishing and ransomware attacks that usually start on the IT network. ICS devices are an especially enticing target for attackers who use ransomware because they know that businesses would rather pay the ransom than face having the machine offline—or, worse, taken down completely. What kind of security systems can address all these challenges?

You can’t protect what you can’t see

While OT environments in organizations are growing increasingly complex, traditional IT security solutions have remained far behind. The starting point is increased risk visibility. Companies need an easy way to determine what devices they have and to determine their vulnerabilities and risk. The second requirement is being able to monitor the ICS and SCADA protocols and commands, so it can be determined whether the systems are connecting and communicating properly. The third is to enable you to create security policies designed for OT and ICS systems that can prevent security breaches and keep up with the latest threats. All this has to be done without impacting security operations. Security must be easy for organizations to deploy, with automated protection that does not impact day-to-day operations.
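The second requirement above, monitoring ICS protocols and commands, is what protocol-aware inspection does in practice. The following is an added illustration, not Check Point’s code or the code of any product described on this page: a small Modbus/TCP request parser that checks the MBAP header, classifies the function code as a read or a write, and alerts when a host that is not on a write allowlist issues a write command, or when a frame is malformed. The hosts, addresses and sample frames are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Modbus public function codes, grouped by the effect they have on the device.
# The codes are from the Modbus application protocol; the read/write grouping
# is the policy used by this example.
READ_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
}
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2, number of
    bytes that follow the length field), unit id (1). Malformed frames raise
    ValueError so the caller can alert on them instead of guessing.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Encode a request; used here only to construct the sample traffic."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def classify(function_code: int) -> str:
    """Map a function code to the kind of effect it has on the controller."""
    if function_code in READ_FUNCTIONS:
        return "read"
    if function_code in WRITE_FUNCTIONS:
        return "write"
    return "other"


def inspect_flows(flows, write_allowlist):
    """Return one alert string per flow that violates the command policy.

    flows: iterable of (src_ip, dst_ip, raw_frame). Policy: any inventoried
    host may read; only allowlisted hosts (e.g. the HMI) may issue writes;
    unknown function codes and unparseable frames are reported.
    """
    alerts = []
    for src, dst, frame in flows:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append(f"{src} -> {dst}: malformed Modbus frame ({err})")
            continue
        kind = classify(req.function_code)
        name = (READ_FUNCTIONS.get(req.function_code)
                or WRITE_FUNCTIONS.get(req.function_code)
                or f"function code {req.function_code}")
        if kind == "write" and src not in write_allowlist:
            alerts.append(f"{src} -> {dst} unit {req.unit_id}: unauthorized {name}")
        elif kind == "other":
            alerts.append(f"{src} -> {dst} unit {req.unit_id}: unexpected {name}")
    return alerts


# Constructed sample traffic (assumed addresses). 10.10.1.5 plays the plant HMI,
# 10.20.3.77 an engineering laptop that should never write to the PLC.
HMI, LAPTOP, PLC = "10.10.1.5", "10.20.3.77", "192.168.20.10"
WRITE_ALLOWLIST = {HMI}
SAMPLE_FLOWS = [
    (HMI, PLC, build_frame(1, 1, 3, b"\x00\x00\x00\x0a")),     # read 10 holding registers: fine
    (HMI, PLC, build_frame(2, 1, 6, b"\x00\x10\x01\xf4")),     # HMI writes a setpoint: allowed
    (LAPTOP, PLC, build_frame(3, 1, 5, b"\x00\x01\xff\x00")),  # laptop forces a coil on: alert
    (LAPTOP, PLC, b"\x00\x04\x00\x00\x00\x02\x01"),            # truncated frame: alert
]

if __name__ == "__main__":
    for line in inspect_flows(SAMPLE_FLOWS, WRITE_ALLOWLIST):
        print(line)
```

Running the block prints two alerts: the laptop’s Write Single Coil and the truncated frame. The read and the HMI’s write pass silently, which is the point of command-level visibility: the same TCP port 502 carries harmless polling and state-changing writes, and only inspection of the function code tells them apart.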

Check Point’s Industrial Control Security Solution: New 1570R Security Gateway

Check Point’s ICS security solution minimizes risk exposure across IT and OT environments and blocks attacks before they reach critical assets, all in a way that is easily scalable and non-disruptive to critical processes.

Discover & Assess Device Risks

Check Point enables you to discover all OT and ICS assets and determine security risks and vulnerabilities. From a single console, you can view all assets classified based on their risk level and drill down for a risk analysis per asset.

Recommended Zero Trust Security Policies

Once you understand your risks, Check Point suggests Zero Trust security policies customized per device to instantly minimize your risk exposure. This can save you months of manual policy configuration and ensures your OT assets are secure from the first moment they connect to the network. This allows you to easily implement policies that ensure systems only use the communication protocols they are allowed to use, and enables you to block unauthorized access to and from your OT devices.

Threat Prevention Starts with IT/OT Network Segmentation

The key to network design is segmenting your IT and OT networks, so hackers can’t move laterally across your IT infrastructure to the manufacturing facility. Check Point Next-Generation Firewalls, including the new 1570R, provide boundary protection between the IT and OT networks and micro-segmentation among production lines and departments on the shop floor. The Purdue model shown in the diagram is the preferred method of IT and OT network segmentation. With granular visibility into SCADA protocols and commands, these firewalls provide access control throughout the OT environments.
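The two ideas above, per-device allow-listing of protocols and Purdue-model segmentation, combine into a default-deny zone policy. The following is an added example written for this page, not Check Point’s policy format or the 1570R’s configuration: it assigns constructed subnets to Purdue levels, allows only listed (source zone, destination zone, port) flows, refuses any flow that skips a level, and evaluates a handful of sample connections, including the compromised-laptop lateral move described earlier. All addresses and zone names are assumptions for the illustration.

```python
import ipaddress

# Purdue zones for a sample plant (constructed addressing). Order runs from the
# enterprise down to the process; a flow may only cross into an adjacent zone.
ZONE_ORDER = ["enterprise", "idmz", "site_ops", "cell"]
ZONES = {
    "enterprise": ipaddress.ip_network("10.0.0.0/16"),      # Level 4/5: business IT
    "idmz":       ipaddress.ip_network("10.1.0.0/24"),      # Level 3.5: industrial DMZ
    "site_ops":   ipaddress.ip_network("192.168.10.0/24"),  # Level 3: historian, HMI servers
    "cell":       ipaddress.ip_network("192.168.20.0/24"),  # Level 1/2: PLCs, local HMIs
}

# Explicit allow rules: (source zone, destination zone, destination port).
# Direction matters, and anything not listed is denied.
ALLOW_RULES = {
    ("enterprise", "idmz", 443),   # users reach DMZ reporting/jump services
    ("idmz", "site_ops", 443),     # DMZ relays to the site historian
    ("site_ops", "cell", 502),     # site HMI/historian polls PLCs over Modbus/TCP
    ("cell", "cell", 502),         # controller-to-controller inside the cell
}


def zone_of(ip: str):
    """Return the zone containing ip, or None if the address is not inventoried."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, dst_port: int):
    """Decide a flow: returns ("allow" | "deny", reason)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "unknown asset: address is not in any inventoried zone")
    hops = abs(ZONE_ORDER.index(src) - ZONE_ORDER.index(dst))
    if hops > 1:
        # e.g. enterprise -> cell: this is the IT-to-OT lateral move the
        # Purdue layering exists to stop, whatever the port.
        return ("deny", f"{src} -> {dst} skips {hops - 1} Purdue level(s)")
    if (src, dst, dst_port) in ALLOW_RULES:
        return ("allow", f"rule {src} -> {dst}:{dst_port}")
    return ("deny", f"no rule for {src} -> {dst}:{dst_port} (default deny)")


def audit(flows):
    """Evaluate (src_ip, dst_ip, dst_port) tuples; return list of (flow, decision)."""
    return [(flow, evaluate(*flow)) for flow in flows]


# Constructed sample connections (assumed addresses).
SAMPLE_FLOWS = [
    ("192.168.10.20", "192.168.20.10", 502),  # site HMI polls a PLC: allow
    ("10.0.5.23", "192.168.20.10", 502),      # compromised IT laptop to PLC: deny
    ("10.0.5.23", "10.1.0.10", 443),          # laptop to DMZ web service: allow
    ("10.0.5.23", "10.1.0.10", 3389),         # RDP to the DMZ, no rule: deny
    ("192.168.20.10", "192.168.10.20", 502),  # PLC initiating to HMI, wrong way: deny
    ("172.16.0.9", "192.168.20.10", 502),     # address nobody inventoried: deny
]

if __name__ == "__main__":
    for flow, (verdict, reason) in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow[0]} -> {flow[1]}:{flow[2]}  ({reason})")
```

The level-skip check runs before the rule lookup on purpose: even if someone later adds an `("enterprise", "cell", 502)` rule by mistake, the layering still refuses it, which is the kind of guard a segmentation policy needs when many people edit it.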

Threat Prevention with Protection Against the Latest Threats

As we learned earlier, security should be easy to implement without impacting operations. Check Point’s solution enables you to protect all devices against known and unknown zero-day attacks through virtual patching. Check Point has over 300 IPS prevention signatures against OT-related attacks that are constantly being updated through our ThreatCloud threat intelligence database. Check Point ThreatCloud is the largest threat intelligence network on the globe. It has unmatched visibility into the latest malware and phishing attacks.

1570R: Industrial Control Systems Security Gateway – Secure, Ruggedized and Built for OT

One of the key components of our Industrial Control Security Solution is our new 1570R Security Gateway. The 1570R is secure, built for OT and ruggedized to deliver top-rate threat prevention to protect industrial control systems for manufacturing, energy, utilities and transportation. The new 1570R Gateway delivers:

Uncompromised OT and IT Security

The 1570R’s security starts with 400 Mbps of industry-leading Threat Prevention performance, a 10x performance increase over the previous-generation 1200R. The 1570R leverages 60 security services to stop the latest zero-day attacks from disrupting operations. It enforces complete segmentation between IT and OT networks, and gives granular control across the OT environment.

Built for OT

Not only does the 1570R lead in performance, it provides the most comprehensive visibility into 1500 SCADA protocols and commands used in the industrial control systems industry. This provides visibility into how each device is connected and the protocols and commands it uses to communicate, so you can stop nefarious activity before it spreads throughout your network and shuts down your operations.

1570R is Reliable, Rugged, and Wireless

The rugged solid-state form factor enables the 1570R to operate in a temperature range of -40°C to +75°C, making it ideal for deployment in harsh environments. The 1570R is certified to the industrial specifications IEEE 1613 and IEC 61850-3 for heat, vibration, and immunity to electromagnetic interference (EMI). In addition, the 1570R is certified for maritime operation under IEC 60945.

The 1570R flexibly supports wired, Wi-Fi or LTE modem network connections, enabling easy, flexible security for smart city applications (smart parking meters, bus stops, smart lighting, environmental sensors) and smart grids (smart meters, substation automation).

Sign up for a free demo, so we can show you how the 1570R can secure your industrial control systems. Otherwise, check out the 1570R webinar for more details.