
Mitigating Risks for Operational Technologies for Dealers

 


Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a Fact Sheet detailing key strategies to mitigate cyber threats to Operational Technologies. Operational technology (OT) encompasses systems that oversee, monitor, and control industrial operations, with a focus on physical devices and processes. It comprises both hardware and software essential for the functionality of critical infrastructure. For dealers, this includes systems for business operations, rentals, parts management, and onsite dealership security, incorporating physical devices like point-of-sale equipment, such as barcode scanners.

What Should Dealers Do?

CISA recommends a series of mitigation approaches to reduce the risk associated with OT systems and devices, including:

  • Disconnect OT Systems from the Public Internet - Operational Technology (OT) devices are highly vulnerable when exposed to the internet. Many lack robust authentication and authorization mechanisms capable of withstanding modern cyber threats. These devices can be easily discovered through search engines that scan for open ports on public IP ranges, making them prime targets for attackers.
  • Improve Password Management - Replace default passwords with strong, unique ones to prevent unauthorized access. Recent analysis of cyber activity reveals that many targeted systems rely on default or easily guessable passwords, often identified using open-source tools. This highlights the critical importance of changing default credentials—especially on internet-facing devices that control Operational Technology (OT) systems or processes.
  • Secure Remote Access - Many critical infrastructure entities, or contractors working on their behalf, make risk-based tradeoffs when implementing remote access to OT assets. These tradeoffs deserve careful reevaluation. If remote access is essential, upgrade to a private IP network connection to remove these OT assets from the public internet and use virtual private network (VPN) functionality with a strong password and phishing-resistant multifactor authentication (MFA) for user remote access.
  • Incorporate Multifactor Authentication - Implementing phishing-resistant multi-factor authentication (MFA) for remote user access is a critical step in securing Operational Technology (OT) environments. Unlike traditional MFA methods that may rely on easily compromised factors such as SMS or email codes, phishing-resistant MFA — such as hardware security keys or certificate-based authentication — provides a much stronger defense against credential theft. By requiring a second form of verification that is not phishable, dealers can significantly reduce the risk of unauthorized administrative or user access to OT systems, thereby helping to prevent potential disruptions, data breaches, or malicious control of critical systems.
  • Use Least Privilege Access Strategies - For remote access, it is essential to meticulously document and configure access tools in accordance with the principles of least privilege. This involves ensuring that each user or system is granted the minimum level of access necessary to perform their specific tasks, thereby reducing the potential for unauthorized access or misuse. By carefully defining and limiting permissions, organizations can significantly enhance the security of their operational technology environments. This approach not only helps in safeguarding sensitive data and critical systems but also minimizes the risk of potential breaches or disruptions caused by excessive access rights. Regular audits and reviews of access permissions should be conducted to ensure ongoing compliance with these principles, adapting to any changes in roles or responsibilities within the organization.
  • Improve Network Segmentation - Segmenting critical systems and introducing a demilitarized zone for passing control data to enterprise logistics reduces the potential impact of cyber threats and the risk of disruptions to essential OT operations.

These six mitigation approaches will reduce these OT vulnerabilities and the overall cybersecurity risk of your dealership.
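
One way to check an OT asset inventory against the mitigations listed above, as an added example that is not taken from CISA's Fact Sheet or from Sedona. The inventory field names, asset names, and finding labels are hypothetical, and the sample records are constructed.

```python
import ipaddress

# RFC 1918 ranges; anything outside them is treated here as publicly routable.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# MFA types the article names as phishing-resistant (vs. SMS or email codes).
PHISHING_RESISTANT = {"hardware_key", "certificate"}

def audit_asset(asset):
    """Return the list of findings for one OT asset record."""
    findings = []
    addr = ipaddress.ip_address(asset["ip"])
    if not any(addr in net for net in PRIVATE_NETS):
        findings.append("internet-exposed")
    if asset["default_password"]:
        findings.append("default-password")
    remote = asset.get("remote_access")
    if remote:
        if not remote["vpn"]:
            findings.append("remote-access-without-vpn")
        if remote["mfa"] not in PHISHING_RESISTANT:
            findings.append("mfa-not-phishing-resistant")
        # Least privilege: anything granted beyond what the task needs.
        excess = set(remote["granted"]) - set(remote["needed"])
        if excess:
            findings.append("excess-privilege:" + ",".join(sorted(excess)))
    # Enterprise systems should reach OT only through the DMZ.
    if "enterprise" in asset["reachable_from"]:
        findings.append("no-dmz-segmentation")
    return findings

def audit(inventory):
    """Map asset name -> findings, keeping only assets with at least one."""
    results = ((a["name"], audit_asset(a)) for a in inventory)
    return {name: found for name, found in results if found}

# Constructed sample inventory (hypothetical schema). 203.0.113.7 is a
# documentation address standing in for a public IP.
INVENTORY = [
    {"name": "pos-terminal-1", "ip": "10.20.0.15", "default_password": False,
     "remote_access": None, "reachable_from": ["ot", "dmz"]},
    {"name": "rental-kiosk", "ip": "203.0.113.7", "default_password": True,
     "remote_access": {"vpn": False, "mfa": "sms", "needed": ["read"],
                       "granted": ["read", "configure", "admin"]},
     "reachable_from": ["enterprise"]},
    {"name": "parts-scanner-gw", "ip": "192.168.50.4", "default_password": False,
     "remote_access": {"vpn": True, "mfa": "hardware_key", "needed": ["read"],
                       "granted": ["read"]},
     "reachable_from": ["dmz"]},
]
```

Calling `audit(INVENTORY)` returns findings only for `rental-kiosk`, which fails every check; the other two records pass cleanly.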

How Dealers Should Proceed

At Sedona, we recommend a 3-step cybersecurity remediation approach. The first step is to understand the state of the risk for your infrastructure and OT systems today via an assessment process that would include audits around policies and procedures, various penetration tests (apps, internal, external, etc.), and the investment case for further remediation tools, services and requirements. The second step focuses on monitoring, not only of the remediation work itself but also through vulnerability scanning across your network and OT systems, to ensure that the remediation work is delivering security improvements. Lastly, the third step is the ongoing management of those remediation tasks to ensure alignment with other activities in your IT efforts. The goal of this process is to have a sound remediation plan and execute against it.

Our Cybersecurity Remediation Approach

[Figure: vCISO process]

Key Takeaways for Dealers

Earlier this month, CISA released a Fact Sheet outlining key strategies to protect Operational Technology (OT) systems, which are critical to industrial operations and include devices like barcode scanners and point-of-sale systems used by dealerships. The agency recommends six core mitigation measures: disconnecting OT systems from the public internet, improving password management, securing remote access with VPNs, incorporating phishing-resistant MFA, applying least privilege access principles, and enhancing network segmentation. These steps aim to reduce vulnerabilities and strengthen the cybersecurity posture of OT environments. Sedona advises a three-step remediation approach involving risk assessment, continuous monitoring, and long-term management to ensure sustained protection and alignment with broader IT efforts.

Sources:

CISA's Fact Sheet on Reducing Risk for OT can be found here.

More about our remediation approaches can be found here.