Dive Brief:
- Tenable released a new exposure management platform to provide visibility into assets across information and operation technologies and Internet of Things environments, according to a Thursday press release.
- The Tenable One for OT/IoT platform provides protection against vulnerabilities across IT assets, cloud resources, web apps, identity systems and operation technologies to help security leaders gain a clearer picture of true exposure across their entire organization, the release said.
- The launch comes as organizations face escalating cyber threats, highlighted by recent government testimony pointing to Chinese hacking campaigns actively targeting U.S. systems.
Dive Insight:
At a Congressional hearing last month, leaders from the Cybersecurity and Infrastructure Security Agency, the FBI, the Office of the National Cyber Director and the National Security Agency testified that cyberattackers are actively targeting U.S. electricity systems, water utilities, military organizations and other critical services.
The CISA issued an international cybersecurity advisory earlier this month, confirming that the People’s Republic of China-sponsored threat actor Volt Typhoon has pre-positioned itself on the IT networks of multiple U.S. critical infrastructure providers, including energy, water and wastewater providers, to enable movement to OT assets and disrupt functions.
As IT, OT and IoT assets become increasingly interconnected, cyberattacks often originate in IT systems and spread into OT environments with “potentially devastating results,” Tenable said. The convergence of these information technologies and physical assets, such as HVAC systems in data centers, badge readers in office buildings and cameras on manufacturing floors, has resulted in a broader attack surface for cyber criminals, the company noted.
“For those that rely on physical computing technology, OT and IoT often power their most business-critical activities. Any disruption is extremely damaging and often results in an inability to function,” Amir Hirsh, senior vice president and general manager of OT Security at Tenable, said in the release. “We understand that OT environments require a different approach from IT and we’ve designed our security solution, so teams no longer have to choose between cybersecurity or productivity. They can have both.”
To combat these risks, Tenable’s new platform provides visibility into the modern attack surface, risk intelligence aimed at mitigating operational risks, and actionable planning and decision making across enterprise and critical infrastructure environments, the release said.
Several large corporations that have a significant footprint in the buildings sector have been affected by recent cyberattacks. Last fall, Johnson Controls faced a “severe” cyberattack that caused disruptions in its operations, impacting the building control firm’s ability to release its fourth quarter and full fiscal year financial results. Schneider Electric also reported an attack on its EcoStruxure Resource Advisor platform in late January, with the Cactus ransomware group claiming to have stolen 1.5 terabytes of data from the energy management group.
Johnson Controls said it is spending $23 million in response and remediation costs, plus an additional $4 million in lost and deferred revenues from the attack. Schneider Electric still contends with reported threats of data leaks if it does not pay a ransom, cybersecurity experts told Facilities Dive.
