Attack surface and threat actors
Attack surfaces differ considerably in IT and OT environments. IT is characterized by ever-evolving and intertwined technology stacks, which makes the attack surface rather fluid and dynamic. IT data traffic is primarily hierarchical and north-south bound. The IT cybersecurity approach is usually threat-based, constantly plugging holes for new malware and viruses. The threat actors in IT typically target monetary gains and, as such, range from minuscule to large, organized cybercriminals.
In the case of OT, although the processes and controls are deterministic, the attack surfaces can be vast and scary. Their diverse deployments foster several avenues of intentional and unintentional cyber incidents. An attack surface in the case of OT is laterally spread, as there is not much traffic traversing north-south across the DMZ. OT cyber threats involve a completely different type of adversary. Threat actors in the case of ICS are usually not after money, and often include nation-state actors whose prime motivation is to inflict large-scale disruption in business, national, or political arenas.
The following diagram illustrates the diverse attack surfaces in a typical industrial use case: