As IIoT grows in prominence, so too does its status as a target for malicious hackers, particularly given its growing impact on the physical world. The latest and potentially most dangerous threat is called Triton.

Triton first reared its ugly head near the end of 2017, according to security company FireEye. It targets an industrial safety system made by Schneider Electric that monitors valves, turbines and similar equipment and shuts them down if it determines they are about to fail and cause explosions or other consequences that could damage the facility or harm people. (It is named Triton because it targets Schneider Electric’s widely used Triconex industrial safety system.)

Patrick Daly, an IoT security analyst at 451 Research, said direct attacks against the Triconex system are frightening. “It’s the only real instance we’ve seen where it’s designed to disrupt operations but that if attacks are carried out using it, people could get hurt,” said Daly.

On the surface, operational technology networks are a relatively hard target to infect with malware, because attacking them directly often requires physical access. Yet the same IT network that bad actors have been practicing against for decades offers them a way in. The social engineering techniques that have proven effective time after time can give an attacker access to the IT network, and from there, interference with OT can begin.

“The actual path is very similar to what happens in general cybersecurity, but what is very interesting is, again, the impact and the need for creating [industrial control system] security with more of a light glove than what we use to control IT systems,” said IoTium CTO Sri Rajagopal.

The problem, according to Dave Weinstein, vice president of threat research at industrial cybersecurity firm Claroty, is that it’s far from a trivial task to separate the OT and IT networks in a secure way.
Flat networks, with no segmentation, are easy targets for malicious hackers, but segmenting the networks logically while maintaining the required interconnectivity requires a lot of work, mostly configuring firewalls, switches and other gear to enforce the logical separation of the different network segments.

“Network segmentation projects can last years, especially at the enterprise level and especially with multinational corporations,” he said.

What’s to be done?

The first thing, experts agree, is to recognize that the “security-by-obscurity” approach won’t work anymore, and to inventory what’s on your network. Visibility, all three experts agreed, is everything, and it’s something that many companies aren’t working on hard enough.

Weinstein said that when his firm conducts site visits for clients and asks for an asset inventory, they’re often handed documentation that doesn’t reflect the full list of devices on the network.

Separating different parts of the OT network into logical zones, or, in the case of big companies with widely distributed facilities, geographically based zones, also helps to stop the spread of malware. But segmentation depends on an accurate inventory: it is vastly more difficult to segment a network if a company isn’t aware of all the devices on it.

It’s important to recognize that operational tech has a different vocabulary and different considerations from IT, and that’s a gap that has to be bridged, Weinstein said.

“A big part of solving the problem is about translating that OT syntax into nouns, adjectives and verbs that IT practitioners are more accustomed to dealing with,” he said.
“If you can’t enable a human analyst to quickly triage an alert without spending hours or days analyzing a given event … then, ultimately, we’re not helping anyone.”

Once the network is configured correctly, IoT practitioners can start taking more active measures to look for security holes, Daly said. Having formalized processes around managing security, being able to follow up on and investigate alerts, and being compliant with industry standards are all important next steps.

After that, active threat hunting is a possibility.

“You want to have the basics tackled, before you start going out and hunting for this thing,” he said.
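The three points the experts make above, an inventory built from what is actually on the wire, a zone policy checked against that inventory, and findings phrased so an IT analyst can triage them quickly, can be shown in a short script. The following is an added example written for this page; it is not code from the article or from Claroty, 451 Research or IoTium, and its subnets, zone names, allow-list, documented inventory, flow records and function names are all constructed assumptions. It takes flow records as a passive network tap would see them, lists hosts that are missing from the documented inventory, flags cross-zone flows the allow-list does not permit, and labels the industrial protocol on each flagged port.

```python
"""Passive OT asset inventory and zone-policy check over flow records.

Added worked example, not code from the article or from any firm quoted in it.
Every address, zone, allow-list entry, inventory entry and flow record below is
constructed for illustration; the function names are the example's own.
"""
from ipaddress import ip_address, ip_network

# Constructed site layout: one subnet per zone. Real plants are messier, which
# is exactly why the inventory has to come from the wire and not from a diagram.
ZONES = {
    "enterprise_it": ip_network("10.10.0.0/16"),
    "dmz":           ip_network("10.20.0.0/24"),
    "control":       ip_network("10.30.0.0/24"),
    "safety":        ip_network("10.40.0.0/24"),
}

# Constructed allow-list: (src_zone, dst_zone) -> permitted (proto, dst_port).
# Any cross-zone flow not listed here is a segmentation violation; nothing is
# ever permitted into the safety zone from any other zone.
ALLOWED = {
    ("enterprise_it", "dmz"): {("tcp", 443)},   # browser access to the DMZ historian
    ("dmz", "control"):       {("tcp", 502)},   # historian polls controllers over Modbus/TCP
}

# Well-known industrial ports, so a finding names the protocol instead of a number.
OT_PORTS = {
    ("tcp", 502):   "Modbus/TCP",
    ("tcp", 102):   "S7comm (ISO-TSAP)",
    ("tcp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP (CIP)",
    ("udp", 1502):  "TriStation (Triconex engineering protocol)",
}

# Constructed "documented" asset list, as handed over on a site visit.
DOCUMENTED = {"10.10.5.23", "10.20.0.2", "10.30.0.10", "10.30.0.11", "10.40.0.5"}

# Constructed flow records (src, dst, proto, dst_port), e.g. from a SPAN port.
FLOWS = [
    ("10.10.5.23", "10.20.0.2",  "tcp", 443),    # IT workstation to DMZ historian: allowed
    ("10.20.0.2",  "10.30.0.10", "tcp", 502),    # historian polling a PLC: allowed
    ("10.30.0.10", "10.30.0.11", "tcp", 502),    # PLC-to-PLC inside the control zone
    ("10.30.0.77", "10.30.0.11", "tcp", 44818),  # host nobody documented, speaking EtherNet/IP
    ("10.10.5.23", "10.30.0.10", "tcp", 502),    # IT workstation straight into control: violation
    ("10.30.0.10", "10.40.0.5",  "udp", 1502),   # engineering traffic into the safety zone: violation
    ("10.40.0.5",  "10.40.0.6",  "udp", 1500),   # inside the safety zone, but .6 is not in the inventory
]


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it fits no subnet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def observed_assets(flows):
    """Every host seen on the wire, with its zone: the inventory as it actually is."""
    return {ip: zone_of(ip) for src, dst, _proto, _port in flows for ip in (src, dst)}


def undocumented_assets(flows, documented):
    """Hosts on the wire that the handed-over asset list does not mention."""
    return sorted(ip for ip in observed_assets(flows) if ip not in documented)


def segmentation_violations(flows, allowed):
    """Cross-zone flows the allow-list does not cover; intra-zone traffic is not judged here."""
    findings = []
    for src, dst, proto, dport in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue
        if (proto, dport) not in allowed.get((src_zone, dst_zone), set()):
            findings.append((src, src_zone, dst, dst_zone, proto, dport))
    return findings


def describe_service(proto, port):
    """Translate a port into the industrial protocol name, falling back to proto/port."""
    return OT_PORTS.get((proto, port), f"{proto}/{port}")


def triage_report(flows, documented, allowed):
    """One line per finding, phrased so an analyst can act on it without an OT background."""
    lines = []
    for ip in undocumented_assets(flows, documented):
        lines.append(f"UNDOCUMENTED HOST  {ip} in zone '{zone_of(ip)}' is not in the asset inventory")
    for src, sz, dst, dz, proto, dport in segmentation_violations(flows, allowed):
        lines.append(f"ZONE VIOLATION     {sz} -> {dz}: {src} -> {dst} speaking {describe_service(proto, dport)}")
    return lines


if __name__ == "__main__":
    for line in triage_report(FLOWS, DOCUMENTED, ALLOWED):
        print(line)
```

Two design choices matter here. The inventory is built passively from observed flows rather than by scanning, because active probing can upset fragile controllers, which is the "light glove" Rajagopal describes; in practice the flow records would come from a SPAN port or a NetFlow export. And a segmentation allow-list is only as good as the zone map behind it: a host that falls in no known subnet lands in the "unknown" zone and every flow it touches is reported, which is the visibility gap the experts say site visits keep turning up.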