January 3, 2024
March 11, 2025

Salt Typhoon: A Wake-Up Call for OT WAN Security

The recent revelations surrounding the "Salt Typhoon" campaign, targeting telecommunications networks, have sent shockwaves through the cybersecurity community. While the immediate focus has been on telco infrastructure, the implications for Operational Technology (OT) networks, particularly those reliant on Wide Area Network (WAN) connectivity, are profound. A critical question arises: Does Salt Typhoon change how we build WAN networks for OT? The answer, unequivocally, is yes.

Salt Typhoon demonstrates the vulnerability of critical infrastructure to sophisticated, persistent threats that leverage supply chain weaknesses. The campaign's ability to compromise upstream network components highlights the need for a fundamental shift in how OT WAN security is approached. Traditional perimeter-based models, which rely on implicit trust within the network, are no longer sufficient.

The Upstream Oil & Gas Scenario: Secure Connectivity Imperative

Consider an upstream oil and gas company with remote well sites, processing plants, and control centers. These sites require secure, encrypted connectivity for real-time monitoring, control, and data transfer. Historically, this might have been achieved using MPLS or VPNs, with limited segmentation and trust in the underlying telco infrastructure.

However, Salt Typhoon exposes the inherent risks of this approach. A compromised telco node could grant attackers access to the entire OT network, potentially leading to catastrophic disruptions. This necessitates moving towards a zero trust architecture, where no device or user is inherently trusted, regardless of location.

Zero Trust Gateway: The Delivery Mechanism

A zero trust gateway becomes the cornerstone of secure WAN connectivity for this scenario. Here's how it works:

  1. Network Segmentation and Microsegmentation: The OT network is divided into granular segments based on device function, criticality, and data sensitivity. This isolates critical systems and limits the impact of a potential breach. For oil and gas, this does not necessarily mean microsegmenting individual devices at each well site; microsegmentation may be warranted at the larger sites, while the well sites themselves can simply be segmented by geography.
  2. Passwordless Multi-Factor Authentication (MFA): All users and devices connecting to the OT network must authenticate using strong, passwordless MFA. This eliminates the risk of stolen credentials and phishing attacks.
  3. Contextual Access Control: The zero trust gateway enforces granular access policies based on user identity, device posture, location, and time of day. This ensures that only authorized users and devices can access specific resources.
  4. Encrypted Tunnels: All communication between remote sites and the control center is encrypted using strong cryptographic protocols. This protects data in transit from eavesdropping and tampering, a significant concern with Salt Typhoon embedded in telco networks.
  5. Network Cloaking: Cloaking is deployed to hide the OT network infrastructure from external reconnaissance. This makes it significantly harder for attackers to map and target the network.
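To make the "contextual access control" step concrete, here is an added example (not code from the original post or from any gateway product) of a policy check that a zero trust gateway would apply before admitting a session. Segment names, the role entitlements, the access windows and the hypothetical `request` helper are all constructed for illustration; a real gateway would source posture and identity from its own enforcement points.

```python
from dataclasses import dataclass
from datetime import datetime

PASSWORDLESS_MFA = {"fido2", "passkey"}
SITES = {"well-site-north", "well-site-south", "processing-plant"}

# Segment flow policy: remote sites talk only to the control center; the
# control center reaches the sites. Anything not listed is denied by default,
# so a compromised well site cannot pivot laterally to a neighbouring site.
ALLOWED_FLOWS = {"control-center": SITES, **{s: {"control-center"} for s in SITES}}

# Local hours (start inclusive, end exclusive) when interactive access into a
# segment is permitted; None means any time.
ACCESS_WINDOW = {**{s: (6, 18) for s in SITES}, "control-center": None}

# Which identities may reach which destination segments (constructed roles).
ENTITLEMENTS = {"ops-engineer": SITES | {"control-center"}, "vendor-tech": {"processing-plant"}}


@dataclass(frozen=True)
class Request:
    user: str
    mfa: str          # authenticator type used for this session
    posture: str      # "compliant" or anything else reported by the device agent
    src_segment: str
    dst_segment: str
    when: datetime


def request(user, mfa, posture, src, dst, hour):
    """Build a Request for the given local hour today (helper for demos and tests)."""
    return Request(user, mfa, posture, src, dst, datetime.now().replace(hour=hour, minute=0))


def evaluate(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; the first failure wins."""
    if req.mfa not in PASSWORDLESS_MFA:
        return False, "mfa: passwordless authenticator required"
    if req.posture != "compliant":
        return False, "posture: device not compliant"
    if req.dst_segment not in ALLOWED_FLOWS.get(req.src_segment, set()):
        return False, f"segment: {req.src_segment} -> {req.dst_segment} not permitted"
    if req.dst_segment not in ENTITLEMENTS.get(req.user, set()):
        return False, f"identity: {req.user} not entitled to {req.dst_segment}"
    window = ACCESS_WINDOW.get(req.dst_segment)
    if window and not (window[0] <= req.when.hour < window[1]):
        return False, f"time: outside {window[0]:02d}:00-{window[1]:02d}:00 window"
    return True, "allow"


if __name__ == "__main__":
    print(evaluate(request("ops-engineer", "fido2", "compliant", "control-center", "well-site-north", 10)))
    print(evaluate(request("ops-engineer", "fido2", "compliant", "well-site-north", "well-site-south", 10)))
```

Each denial carries the failing dimension (MFA, posture, segment, identity, time) so the gateway's decision log can be correlated with the site and device involved.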

The benefits of this approach are:

  • Reduced Attack Surface: Micro-segmentation and network cloaking minimize the exposure of critical OT assets.
  • Enhanced Security Posture: Zero trust principles ensure only authorized users and devices can access sensitive data and systems.
  • Improved Compliance: Granular access controls and continuous monitoring simplify compliance with industry regulations like NERC CIP and API standards.
  • Increased Operational Resilience: Secure encrypted connectivity and robust authentication mechanisms minimize the risk of disruptions to OT operations.
  • Mitigation of Supply Chain Risks: Implementing zero trust significantly reduces the risk of a compromised telco node causing havoc on the OT network.

Conclusion

Salt Typhoon is a stark reminder of the evolving threat landscape and the need for a paradigm shift in OT security. Zero trust architecture, delivered through a zero trust gateway, provides a robust and adaptable solution for securing OT WAN networks in the face of sophisticated threats. By embracing this approach, oil and gas companies can enhance their security posture, improve operational resilience, and protect their critical assets from evolving cyber threats.

We will discuss this more in our webinar this week:
Date: March 12, 2025
Time: 1 PM EST
Location: Online (Zoom)
Register Here: https://www.linkedin.com/events/theconnectedoilfield-masteringr7293463139679932416/comments/


Experience the simplicity of BlastShield to secure your OT network and legacy infrastructure.