The blurring line, and growing risk, between physical and digital supply chains

The worlds of IT, operational technology (OT), and industrial control systems (ICS) are converging, increasing attack surfaces and exposing vulnerabilities. At the same time, the lines between digital and physical supply chains are blurring, and measures must be taken by organizations to ensure that security posture remains strong.

As the pandemic and remote work have expanded access points to critical infrastructure, the IT and OT cyberattack surfaces have grown significantly. An organization’s vital data is now often cycled through multiple workloads in a matter of seconds. The increasing use of 5G and the Internet of Things (IoT) — which significantly increase the computing footprint — as well as a general lack of supply chain security also pose significant challenges. 5G networks utilize edge computing, where applications, storage, and control functions that are required to run them are housed relatively close to end users and IoT endpoints or both. That’s a shift from centralized architectures common to 4G and earlier, and creates a much larger computing footprint.

This software proliferation is another major concern for the supply chain. Embedding threats into the components provided by telecom suppliers is one way to infiltrate 5G networks.

Vulnerabilities in the Increasingly Meshed Physical and Digital Supply Chain
Cyber breaches aren’t static; their tactics and capabilities are always evolving. Many organizations don’t even know when they’ve been attacked.

Hackers often seek out unsecured ports and systems on industrial systems connected to the Internet. IT/OT/ICS supply chains in continuous integration (CI) are particularly vulnerable as they offer attackers many points of entry, and legacy OT systems were not designed to protect against cyberattacks.

Protecting critical systems from cybersecurity threats is, of course, a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. And a lack of trained skilled workforce is a continuing issue in the industry.

The explosion of connected devices is challenging the trends of hardware and software integration. This, combined with an increase in networked sensors, is creating attack opportunities for hackers across all digital infrastructures.

To read the complete article, visit Dark Reading.