Jan 31, 2022

Chapter 14 – IT/OT Integration: Cybersecurity Best Practices Moving Forward

IT/OT Best Practices

With the proliferation of insecure IoT devices on the factory floor and the erosion of the air gap separating industrial control systems (ICS) and operational technology (OT) from IT networks, cybersecurity concerns have escalated in the industrial world, too. 

Navigating the unique security challenges of Industry 4.0 requires more than investments in technology. In this era of increasingly converged IT and OT environments, cybersecurity awareness is critical — now more than ever.

This article looks at a couple of cybersecurity lessons from Armis’s IT/OT Convergence Playbook to help industrial organizations revamp their control systems and increase resilience.

Operations need to bridge gaps between IT-OT security

OT-IT integration brings a demand for centralized approaches to security in industrial environments. Traditional IT solutions are based on agents installed on the endpoint. However, ICS and OT systems and devices are unmanaged and cannot accommodate security agents. 

In addition, those devices are often not built with security in mind and cannot be easily patched. The result is an asset management visibility gap that keeps growing. There will be 55.7 billion connected devices worldwide by 2025, as per a prediction by IDC.


That’s why organizations need agentless security solutions — such as Armis Device Security Platform — because they can protect all devices in the Industrial Internet of Things (IIoT) era. Equally important is to get all stakeholders engaged and committed to cybersecurity resilience initiatives.

Building a successful OT/IT convergence strategy requires executive buy-in

Leadership sponsorship for cybersecurity investments is needed to secure financial resources and to promote measures and best practices among other stakeholders.

When communicating cybersecurity concerns, however, it’s crucial to avoid tech jargon that can alienate the leadership team and the workforce. Instead, try to emphasize the business impact of those initiatives. Securing ICS and OT assets is fundamental to prevent damage to systems, lower risk and ensure availability and reliability of operations.

Gartner predicts that, by 2025, cyber attackers will have weaponized OT environments to harm or kill humans, and most CEOs will be personally liable for such incidents. These challenges are bringing new organizational trends, too.

“By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member.”
– Gartner

Promoting IT, OT and ICS cybersecurity awareness helps to minimize risks

Better employee training and awareness can help to prevent cyberattacks. According to the 2021 SANS Survey, initial attack vectors involved in OT/ICS incidents included spear phishing attachment (26.5%) and engineering workstation compromise (18.4%). 

In many cases, the worker is not ill-intentioned but lacks the understanding that simply accessing a social media website from work could lead to breaches and industrial disruption. That’s why organizations need to educate their employees on cybersecurity best practices and online risks – from using stronger passwords to not opening suspicious email attachments.

Basic cybersecurity hygiene goes a long way

Costly cyberattacks could have been avoided if companies had followed basic security measures. That has been the case with three high-profile breaches that stirred up newspaper headlines in 2021. After investigating the Colonial Pipeline, JBS and CNA hacks, the Committee on Oversight and Reform’s Investigation into Ransomware concluded that small failures in security systems led to major ransomware incidents.

  • Colonial: the attack started with a single stolen password linked to an old user profile.
  • JBS: the attackers gained access to an old network administrator account that had not been deactivated and was protected only by a weak password.
  • CNA: the attackers convinced a single employee to accept a fake web browser update from a commercial website.

According to the Committee’s report, “Even large organizations with seemingly robust security systems fell victim to simple initial attacks, highlighting the need to increase security education and take other security measures prior to an attack.”

Examples of basic cyber hygiene include the use of strong passwords and multifactor authentication. Another way to improve an organization’s security posture is to follow well-known cybersecurity frameworks, such as NIST CSF, Zero Trust, CIS Controls and MITRE ATT&CK for ICS. Ensuring that all systems are updated and patched also goes a long way.
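The following Python example is added here for illustration and is not from the Committee's report or from Armis. It audits an account export for the hygiene gaps described above: accounts that are still enabled but dormant, or that lack multifactor authentication, with privileged accounts marked. The CSV column names, the sample rows and the 90-day dormancy threshold are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export of directory accounts (not real data).
SAMPLE_EXPORT = """username,enabled,privileged,mfa,last_logon
jsmith,true,false,true,2021-12-20
old_vpn_user,true,false,false,2020-03-02
netadmin_legacy,true,true,false,2019-11-15
svc_historian,true,false,false,2021-12-30
contractor7,false,false,false,2020-01-10
plc_engineer,true,true,true,2021-12-28
"""

DORMANT_DAYS = 90  # assumed threshold; set it to match your own policy


def is_true(value):
    return value.strip().lower() == "true"


def audit_accounts(export_text, today, dormant_days=DORMANT_DAYS):
    """Return (username, reasons) for enabled accounts with hygiene gaps."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if not is_true(row["enabled"]):
            continue  # a disabled account cannot be used to log in
        reasons = []
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if idle > dormant_days:
            reasons.append(f"dormant {idle} days but still enabled")
        if not is_true(row["mfa"]):
            reasons.append("no MFA")
        if reasons and is_true(row["privileged"]):
            reasons.append("privileged")  # raises the priority of the finding
        if reasons:
            findings.append((row["username"], reasons))
    # Accounts with the most gaps first; the sort is stable, so ties keep file order.
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings


if __name__ == "__main__":
    for user, reasons in audit_accounts(SAMPLE_EXPORT, date(2022, 1, 31)):
        print(f"{user}: {', '.join(reasons)}")
```

Accounts that appear at the top of the output are candidates for deactivation or for a password reset with MFA enrollment.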

Consider the example of URGENT/11 — a group of 11 zero-day vulnerabilities first discovered in July 2019. By December 2020, 97% of the OT devices impacted by URGENT/11 had not been patched, according to Armis research. These findings are concerning because these vulnerabilities reside in VxWorks, an operating system used by over 2 billion devices, including critical industrial, enterprise and medical devices.

Checklist for increased cybersecurity resilience in Industry 4.0

1. ICS and OT cybersecurity training and awareness

Organizations such as the SANS Institute offer programs, certifications and events to help train employees on cybersecurity issues. The Cybersecurity and Infrastructure Security Agency (CISA) also provides guidance and resources to help businesses educate their employees and reinforce their cybersecurity posture.

Armis has your back, too. Visit our Resource Center to find webinars, white papers, solution and research briefs, blog posts and more content to help improve your organization’s cyber resilience.

2. Comprehensive asset discovery and inventory

At Armis, we believe that comprehensive asset visibility across IT, OT and IIoT is the first step toward building secure industrial environments. Our agentless platform discovers all devices in your network — even those that cannot accommodate agents — and then provides real-time asset inventory management. Our solution analyzes and classifies every device to produce a risk assessment. Within seconds of deployment, you will have several types of incident responses for assets in your environment.

3. Continuous passive monitoring and proactive cyber risk management

The Armis Agentless Device Security Platform continuously monitors all network traffic to detect threats and abnormal device or user behavior. We do it passively because scans are dangerous in the OT and ICS world and can cause devices to crash, causing safety concerns or leading to unplanned downtime.

The Armis Platform can understand the context of each device. Our Device Knowledgebase can compare the behavior of devices in real-time with multiple crowd-sourced baselines to detect abnormal activity.

4. Automated threat detection and response

Empowered by the Armis Platform, you can take action to protect your OT environment. Alerts can be triggered by a misconfiguration, policy violation or abnormal device behavior. And with integrations into security enforcement points (for example, firewalls and NAC systems), the Armis Platform can provide proactive network segmentation and automated incident response to protect your data.   

Our platform has been named a leader in OT security, as per the latest ISG report. Book a demo, and we’ll show you why. We’ll walk you through our platform and all it can do to secure all your assets in the Industry 4.0 era.

Check out all IT OT Convergence Playbook Chapters:

  1. Chapter 1 – Industry 4.0: OT Security Challenges
  2. Chapter 2 – A Roadmap to Comprehensive ICS Security
  3. Chapter 3 – The Urge for Infrastructure Protection
  4. Chapter 4 – How to Secure Industrial Environments
  5. Chapter 5 – Complete Network Visibility: Find All Assets
  6. Chapter 6 – Operational Downtime and Passive Monitoring
  7. Chapter 7 – Protecting industrial Assets with Network Segmentation
  8. Chapter 8 – ICS Risk Assessment
  9. Chapter 9 – Top Security Frameworks for OT environments
  10. Chapter 10 – Zero Trust Security Framework for ICS
  11. Chapter 11 – Armis Role on CIS controls
  12. Chapter 12 – ICS/OT Mitre Att&ck Framework
  13. Chapter 13 – 2021 The Year of Ransomware Attacks
  14. Chapter 14 – Guide to I/OT Integration 👈 you are here

Did you enjoy the OT/IT Playbook? Try the Armis Platform to monitor and secure all assets. 👉 Request Demo
