Cybersecurity frameworks are industry guidelines, best practices and standards that organizations can adopt to improve their security posture. They are critical to preventing cyberattacks and building operational resilience.
With OT/IT convergence and the rise of the Industrial Internet of Things (IIoT), manufacturers face threats that are escalating in both number and sophistication. Not only has the attack surface expanded, but industrial control systems (ICS) and operational technology (OT) devices also pose unique challenges, as they cannot be protected with traditional security tools.
By mapping their existing controls to cybersecurity standards, organizations can better structure their operations and close vulnerability gaps. In this article, we focus on the following security frameworks that Armis can help you implement in your organization:
Created by the National Institute of Standards and Technology (NIST), the NIST Cybersecurity Framework (CSF) provides a set of voluntary guidelines and best practices to manage cybersecurity risk. The security controls in the NIST CSF are broken up into 5 key functions: Identify, Protect, Detect, Respond and Recover. Each of these functions is divided into a few categories, which are groups of outcomes such as asset management, identity management and access control.
This cybersecurity framework is valuable to help organizations align and prioritize security measures based on resources, risk tolerances and business goals. Findings from the SANS 2021 Survey: OT/ICS Cybersecurity indicate that the NIST CSF is the most followed cybersecurity standard in the OT world, leveraged by 47.8% of the respondents.
Source: SANS 2021 Survey: OT/ICS Cybersecurity
Check out our solution brief to discover how Armis provides compliance for NIST CSF controls across the Identify, Protect, Detect and Respond functions.
Managed by the Center for Internet Security (CIS), the CIS Controls offer a recommended set of actions to defend your operations from cyberattacks and breaches. According to the SANS 2021 Survey, 26.1% of the respondents indicate that they map their ICS/OT security measures to this framework.
The CIS Controls are updated periodically by an international community of experts. The current version – no. 8 – provides 18 controls with specific and actionable ways to stop attacks. For example, CIS Control 1 focuses on inventory and control of enterprise assets, such as devices and servers. Within each control, there are three implementation groups (IGs), which help organizations understand which tasks they should prioritize:
Armis maps to 12 of the 18 CIS Controls. Download our white paper to discover how to implement these safeguards with us.
MITRE ATT&CK® for ICS outlines the tactics, techniques and common procedures typically employed in attacks against OT and ICS. For example, this framework helps organizations understand how adversaries penetrate systems, steal credentials and move laterally in a network to evade defenses. Data from the 2021 SANS survey reveals that 47% of respondents leverage this cybersecurity model in some way to shield their industrial operations from attacks.
MITRE has previously published ATT&CK frameworks focused on enterprises and mobile devices. The ICS version — launched in 2019 — addresses the unique needs and challenges faced by industrial and critical infrastructure organizations. Devices in ICS environments, including PLCs, SCADA systems and robotic arms, are unmanaged and cannot accommodate traditional security agents.
Armis provides comprehensive coverage for the attacks listed in the MITRE ATT&CK for ICS matrix, helping companies identify, mitigate and prevent threats. That’s possible because our agentless platform discovers every device on your network as well as devices that are transmitting in your airspace. Once each device has been identified, Armis analyzes device behavior to identify risks and detect cyberattack techniques.
Read our white paper for an in-depth view of how Armis supports the MITRE ATT&CK framework for ICS.
Created by Forrester, the Zero Trust model is based on the principle of never trusting and always verifying all users, systems and devices on a network. The Zero Trust approach has gained increased prominence with the new initiatives adopted by the U.S. administration to improve the nation’s security posture.
For example, with the new Federal Zero Trust Strategy, government agencies have to achieve certain zero trust milestones by the end of fiscal year 2024. Typical zero trust measures include asset inventory, strong user identification policies, continuous monitoring, network segmentation and more.
When organizations adopt the Zero Trust security architecture, they typically focus on users and managed devices, leaving gaps for unmanaged IoT devices (such as printers and webcams), OT (manufacturing sensors and machinery, for example) and off-network devices (such as wireless keyboards and headsets). Armis helps organizations to apply this security paradigm to the unmanaged world of OT, ICS and IIoT devices, too.
Watch our webinar to learn how to support Zero Trust principles in industrial environments.
Implementing security frameworks can help industrial organizations better meet business outcomes, minimizing the risk of operational downtime. Benefits include:
Legal protection. Being able to demonstrate that the company is taking security seriously can help to minimize liability. Gartner has predicted that, by 2024, 75% of CEOs will be personally liable for cyber-physical attacks.
We’ve listed four steps for a successful cybersecurity framework implementation:
The first step is to understand the importance of cybersecurity guidelines and best practices and review the options to choose one that suits your organization’s unique challenges. In this article, we’ve discussed some of the best-known standards in cybersecurity circles that can help you secure ICS and OT systems.
In order to implement a security framework, you need to have a full picture of your entire environment, so that you can assess your cybersecurity gaps and strengths. IT/OT convergence requires comprehensive visibility into both managed and unmanaged devices. It’s critical to know what each device is, its behavior and vulnerabilities.
Your initial assessment is critical to determine what areas you should prioritize. You can map your security controls to frameworks to identify any gaps. Invest in a security solution that can articulate how it helps you comply with well-known cybersecurity models.
OT/ICS security requires an agentless solution like Armis, which can discover all devices on the network — even those that can’t accommodate security agents. Armis analyzes and classifies every device to produce a risk assessment and then passively monitors all network traffic to detect abnormal asset behavior and external threats.
The Armis Platform shields your operations from cyberattacks – helping you meet security standards and best practices along the way. Book a demo now, and we will walk you through our award-winning solution.