IT/OT convergence has already changed your industry. What’s next? With the influx of new technologies, advanced digitalization, AI and cloud, the OT world is evolving, even beyond Industry 4.0. Embracing IT/OT convergence and enabling it by realizing that cybersecurity has a large role to play is the only way forward. The old notion of air-gapping OT networks is simply not viable anymore.
This evolution has been propelled by the Internet of Things (IoT) and IT/OT integration. Digital transformation efforts such as automation, artificial intelligence, cloud computing, and ubiquitous interconnectivity are shaping this new era of innovations.
As a result, security, visibility and control requirements for companies in manufacturing, automotive, oil & gas, energy, pharma and more have changed significantly, evolving into the need for complete, unified visibility across all assets in the OT and IT environments (IT, OT/ICS, IoT, IIoT, managed, unmanaged, etc.).
Customers tell me they need a single solution that can provide them the best visibility and risk management across their entire infrastructure. They need to see every connected device, from the Wireless LAN Controller in the front office, to nested devices behind every PLC backplane on the production floor. This is crucial because oftentimes attackers will gain access to OT networks through the IT network, or an IT device on the OT network such as an engineering workstation running an older version of Windows (that cannot be patched) connecting directly to the Internet.
They also desire a solution that can be deployed quickly to deliver immediate value. Most niche OT security solutions have a heavy hardware footprint, leading to complex and often lengthy deployment processes. Meanwhile, their environment is at risk. If a solution is only 20% deployed after a week, then 80% of their estate is still vulnerable.
Customers also want to derive more value from their existing IT and security solutions such as NAC, Firewall, SIEM, CMDB, etc. The collective intelligence of these solutions together is greater than the sum of the individuals alone. A successful IT/OT security solution should have a broad scope and add value to investments customers have made in other areas.
It all starts with visibility and goes on to proactive risk management on the one hand, and threat detection and response on the other. These are tried and true concepts in the IT security world. But in the OT world, they have certain implications. There are certain tools you can’t run in an OT environment, such as active scanning tools. There exists older or even outdated equipment that you can’t patch, even if you wanted to. The approach to OT security, by nature, has to be more passive; more hands-off. It must have the ability to monitor, in real-time, threats as they manifest themselves and quarantine or contain them either at the perimeter or within the network itself. Another approach is what I call “virtual patching”, or the ability to lock down insecure communications. This is basically reducing the risk surface of certain types of devices by limiting their ability to communicate. Overall, I think the right approach is to leverage tried and true IT security best practices, but implementing them with care and using the right technologies is paramount. Visibility first, then secure the environment in the appropriate fashion without disrupting sensitive devices and processes reliant on OT.
What customers need is a different approach to security—one that is designed for the unmanaged devices across OT and IT environments. Such a solution would have the following characteristics:
● Passive. It should be able to function using only passive technologies. This is because a solution that relies on network scans or probes can disrupt or crash OT devices.
● Comprehensive security controls. It should meet most of the important cybersecurity goals specified by security frameworks such as NIST CSF or CIS CSC. In the IT world, this typically requires the use of several different security tools. For the OT environment, it would be desirable to obtain comprehensive coverage of the required security controls using as few tools as possible.
● Comprehensive device coverage. The scope should include all unmanaged or industrial IoT devices in the enterprise, because in an interconnected environment, you can’t secure OT unless you secure IT along with it. The security platform should work for all types and brands of industrial control systems along with other kinds of devices common to the enterprise such as HVAC systems, IP security cameras, fire alarm systems, switches, firewalls, wireless access points, printers, and more.
● Comprehensive communication coverage. It should be able to directly monitor all communication pathways that could be used by a cyber attack. In most environments, this would include Ethernet, Wi-Fi, Bluetooth, BLE, and possibly other wireless protocols such as Zigbee. Wireless coverage is important because attackers can exploit vulnerabilities such as BlueBorne, KRACK and Broadpwn to compromise OT devices over the air, without any user interaction.
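To make the passive-first approach and the "virtual patching" idea from the paragraphs above concrete, here is an added example (not code from the original article, and not any vendor's product). It takes flow records as a passive sensor on a SPAN or TAP port would summarise them, with no probes or scans sent toward any device, builds an asset inventory from who talks to whom, flags the situations the article warns about (an OT host reaching the Internet, cleartext management protocols into the OT zone, an IT host speaking an industrial protocol across the zone boundary), and derives an allow-list that a firewall or NAC could enforce to limit what a device may communicate with. The flow records, the OT subnet `10.10.1.0/24`, the internal ranges, and the port-to-protocol maps are all constructed assumptions for the demonstration.

```python
"""Passive asset inventory, risk flagging and allow-list ("virtual patching")
rules derived from observed flows.  Added example, not code from the article
or from any product; flow records, subnets and port maps are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows as a passive sensor on a SPAN/TAP port might
# summarise them: (src_ip, dst_ip, transport, dst_port).  Nothing is probed.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.1.20", "tcp", 502),      # HMI -> PLC, Modbus/TCP
    ("10.10.1.5", "10.10.1.21", "tcp", 102),      # HMI -> PLC, S7comm
    ("10.10.1.30", "10.10.1.20", "tcp", 502),     # engineering workstation -> PLC
    ("10.10.1.30", "203.0.113.9", "tcp", 443),    # engineering workstation -> Internet
    ("10.10.1.30", "10.10.1.20", "tcp", 23),      # Telnet to PLC, cleartext
    ("192.168.5.7", "10.10.1.21", "tcp", 102),    # IT host reaching into the OT zone
]

OT_ZONE = ip_network("10.10.1.0/24")                     # assumption: plant-floor subnet
INTERNAL_NETS = [ip_network("10.0.0.0/8"),               # assumption: anything outside
                 ip_network("192.168.0.0/16")]           # these ranges is "the Internet"
# Assumed port-to-protocol map (registered defaults for common ICS protocols)
INDUSTRIAL_PORTS = {502: "modbus", 102: "s7comm", 44818: "enip", 20000: "dnp3"}
CLEARTEXT_PORTS = {23: "telnet", 21: "ftp", 80: "http"}  # insecure, worth locking down


def is_external(ip):
    """True when the address lies outside every assumed internal range."""
    return not any(ip in net for net in INTERNAL_NETS)


def build_inventory(flows):
    """Learn assets and their roles purely from who talks to whom on which port."""
    inv = defaultdict(lambda: {"roles": set(), "peers": set()})
    for src, dst, _proto, port in flows:
        inv[src]["peers"].add(dst)
        inv[dst]["peers"].add(src)
        if port in INDUSTRIAL_PORTS:
            inv[dst]["roles"].add(INDUSTRIAL_PORTS[port] + "-server")
            inv[src]["roles"].add(INDUSTRIAL_PORTS[port] + "-client")
    return dict(inv)


def find_risks(flows):
    """Flag the situations the article calls out: OT hosts reaching the Internet,
    cleartext management protocols into the OT zone, and IT hosts speaking
    industrial protocols across the zone boundary."""
    findings = []
    for src, dst, _proto, port in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in OT_ZONE and is_external(d):
            findings.append(("ot_host_to_internet", src, dst, port))
        if d in OT_ZONE and port in CLEARTEXT_PORTS:
            findings.append(("cleartext_" + CLEARTEXT_PORTS[port], src, dst, port))
        if s not in OT_ZONE and d in OT_ZONE and port in INDUSTRIAL_PORTS:
            findings.append(("cross_zone_industrial", src, dst, port))
    return findings


def virtual_patch_rules(flows):
    """Build an allow-list from the observed intra-zone industrial traffic and
    close everything else into the OT zone.  Pushed to a firewall or NAC, this
    limits what a device may talk to without touching the device itself."""
    allow = set()
    for src, dst, proto, port in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in OT_ZONE and d in OT_ZONE and port in INDUSTRIAL_PORTS:
            allow.add(("allow", src, dst, proto, port))
    rules = sorted(allow)
    rules.append(("deny", "any", str(OT_ZONE), "any", "any"))  # default deny
    return rules


def is_permitted(rules, flow):
    """First-match evaluation: a flow is allowed only by an explicit allow rule."""
    src, dst, proto, port = flow
    for action, r_src, r_dst, r_proto, r_port in rules:
        if action == "allow" and (r_src, r_dst, r_proto, r_port) == (src, dst, proto, port):
            return True
    return False


if __name__ == "__main__":
    for ip, info in sorted(build_inventory(SAMPLE_FLOWS).items()):
        print(ip, sorted(info["roles"]), "peers:", len(info["peers"]))
    for finding in find_risks(SAMPLE_FLOWS):
        print("RISK", *finding)
    for rule in virtual_patch_rules(SAMPLE_FLOWS):
        print("RULE", *rule)
```

Run as a script, it prints the learned inventory, three findings (the engineering workstation's Internet session, its Telnet session to the PLC, and the IT host's S7comm session into the OT zone), and the resulting rule set. The design choice worth noting is that the allow-list is learned from a baseline of observed traffic rather than configured by hand, which is what lets the control be applied to unpatchable devices: the PLC is never scanned, changed or rebooted, only the paths into it are narrowed. In a real deployment the baseline window, the zone definitions and the protocol map would come from the site's own network documentation rather than the constants above.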
From a technology perspective, there are plenty of technologies out there that can provide complete visibility into the environment, risk management and ultimately threat detection and response. I think being able to do all of this from a unified platform is key. You must be able to do everything you need to do in IT and OT environments alike, leaving nothing out in between.