Securing the Linux Kernel Hiding Inside Your OT Hosts

November 21, 2022 - TuxCare PR Team

Operational Technology (OT) and Industrial Control Systems (ICS) technologies help ensure safety by monitoring and controlling critical operations. OT includes Supervisory Controls And Data Acquisition (SCADA) and Distributed Controls Systems (DCS).

But these systems, including some unmanaged devices, will go for an extended period with no security updates over the concern of the device being out of production for an ample stretch of time. The probability of failure from applying patches is also a concern for these environments.

Both OT and ICS run non-Windows platforms, including Linux kernel OSs – causing them to slowly become targets of threat actors. Hacker’s attack objectives include disabling water control systems and cooling towers inside nuclear plants, turning off power grids, and a variety of other malicious goals.

The Current State of OT/ICS Security

Because of the increase in attack surfaces and suspicious activities with these legacy devices, organizations need to increase their level of protection by patching these devices more frequently. Organizations are investing in ways to patch their critical systems and embedded devices, securing the Linux kernels within them without the need to reboot or remove them from production.

Legacy OT/ICS systems often run unpatched and run on outdated Linux operating systems. Many of these embedded systems require specific updates from the OS manufacturers. If a device manufacturer for a SCADA or OT device discontinues a product, this places significant additional cyber risk on the organization.

Increases in Cybersecurity Exposure to OT/ICS Devices

Cyber-attackers that target critical industry networks and infrastructure systems, including nuclear power plants, drinking and wastewater facilities, and hospitals, have increased by over 2000% in recent years.

Hackers have successfully shut down water treatment plants, disrupted oil and gas operations, and disabled portions of large municipal power grids. Most OT/ICS systems exist within a closed-loop air gap network for security reasons. Access to this network typically requires an engineer or support personnel to access the devices physically. Remote access has typically rarely been available, in an effort to help prevent unauthorized access to these critical components.

Eventually, more organizations began to extend remote access capabilities into the closed-loop networks to allow supplier support personnel with privileged credentials access to these Linux OT systems. Hackers and cybercriminals probe these networks looking for ports and unpatched systems that they can exploit. Organizations often neglect to disable default credentials on legacy systems, creating a clear path for hackers to target the devices.

As more of these OT/ICS systems have become interconnected, including external access to cloud-based analytics, they will have more exposure to IT cybersecurity attacks, including ransomware attacks, malware, and denial-of-service attacks. While maintaining the highest degree of operational uptime and service availability, organizations realize that the need to patch these Linux kernel hosts is critical.

Reducing Attack Pathways and Security Blind Spots

By supporting the organization’s digital transformation strategy, more legacy OT/ICS devices are being replaced with industrial internet of things (IIoT) devices, which require extensive security infrastructure and SecOps capabilities. Many IIoT manufacturers require remote access permissions to service their instruments. Given the higher level of connectivity, patching these devices without rebooting is critical.

Patching OT/ICS Devices without Rebooting

According to Gartner, breach incidents have increased by 67% between 2014 and 2022. To stay ahead of the curve, companies must invest in continuous monitoring and automation to detect threats before they cause damage – as well as find a way to patch connected devices as quickly and as often as possible.

Waiting to apply security patches until you’re ready to restart systems and devices leaves your organization vulnerable to these increasingly sophisticated attacks on connected devices.

TuxCare’s live patching solutions protect your OT/ICS Linux systems by rapidly eliminating vulnerabilities without waiting for maintenance windows or downtime, enabling organizations to keep their devices more secure without taking them out of production. With TuxCare, OT/ICS security teams can automate taking new patches through staging, testing, and production on all popular Linux distributions.

On top of automating the deployment of security patches for OT/ICS devices, TuxCare features flawless interoperability with vulnerability scanners, security sensors, automation and reporting tools, as well as our ePortal management platform. This dedicated private patch server runs inside your firewall on-premises or in the cloud. TuxCare is also the only provider that can live patch virtually all vulnerabilities in kernels, shared libraries, virtualization platforms, and open-source databases across all popular distributions.

For additional information, click here to access our whitepaper on patching OT/ICS systems.

Summary