By Diwakar Dayal
As concluded in the 2019 report from Ponemon Institute and Tenable, industrial systems have increasingly become a target for cyberattacks, and it's an issue that is keeping CISOs up at night [1]. The same report revealed that 90 percent of organizations have experienced at least one damaging cyberattack, and 62 percent have experienced two or more in the past 24 months. One only has to look at attacks on industrial control systems (ICS) and critical infrastructure, in the form of malware like NotPetya, to see why no organization wants to suffer the same fate.
The issue the industrial sector faces is that traditional IT asset discovery and vulnerability assessment tools are not widely used in OT, because these environments are often structured around legacy technologies and the tools may disrupt operations. As a result, security leaders do not have full visibility into the assets installed in their OT environments, and cannot manage and measure their cyber risk across both IT and OT environments. This glaring blind spot widens their cyber exposure gap.
To ensure safe and reliable operations, security teams must find a way to bridge the gap between IT and OT to defend against evolving threats in the physical and virtual environments.
The following cybersecurity controls will help security teams define important requirements for OT security:
1. Ensure Compatibility with ICS Assets
When organizations integrate their IT and OT technology, quite often they are left questioning the compatibility of their OT security solution with existing security systems. It is critical that the OT security solution supports various ICS protocols (like openSCADA, Siemens S7) and systems from ICS manufacturers.
2. Improve Asset Visibility
Asset discovery, covering a wide range of ICS and SCADA systems as well as IT assets, is core to virtually all OT compliance requirements and best practices. The selected OT solution should therefore always conduct passive scans and analyze industrial network communications.
3. Detect and Alert on Known Common Vulnerabilities and Exposures (CVE)
The ability to assess and remediate vulnerabilities in a timely manner is extremely important. Advisories from the Industrial Control System-Computer Emergency Response Team (ICS-CERT) provide timely information about current security issues, vulnerabilities, and exploits.
According to the National Vulnerability Database, 16,500 new vulnerabilities were disclosed in 2018 [2]. A converged IT/OT environment could easily contain tens of thousands of vulnerabilities. Therefore, the solution that an organization opts for should regularly identify and prioritize vulnerabilities in sensitive OT systems that cannot be actively scanned due to the risk of disruption. Additionally, the system should send an alert to a Security Information and Event Management (SIEM) system when it discovers new assets, so that security teams can confirm that new additions were authorized.
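The new-asset alerting described in controls 2 and 3 can be sketched as follows. This is an added example, not code from the report or from any vendor product; the flow-tuple layout, the inventory, the JSON event fields and the port-to-protocol labels are all assumptions made for illustration.

```python
import json

# Default TCP ports of common ICS protocols; port-based labelling is a heuristic.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample data: approved inventory, keyed by MAC address.
AUTHORIZED = {"00:1b:1b:aa:00:01": "PLC-line1", "00:0e:8c:bb:00:02": "HMI-line1"}

# Constructed flow summaries, as a sensor on a mirror/SPAN port might record them:
# (timestamp, src MAC, src IP, dst MAC, dst IP, dst TCP port)
FLOWS = [
    ("2019-06-01T08:00:00Z", "00:0e:8c:bb:00:02", "10.0.5.20", "00:1b:1b:aa:00:01", "10.0.5.10", 102),
    ("2019-06-01T08:05:00Z", "00:0E:8C:BB:00:02", "10.0.5.20", "00:1b:1b:aa:00:01", "10.0.5.10", 102),
    ("2019-06-01T09:12:00Z", "3c:52:82:cc:00:03", "10.0.5.77", "00:1b:1b:aa:00:01", "10.0.5.10", 102),
    ("2019-06-01T09:30:00Z", "f4:8e:38:dd:00:04", "10.0.5.90", "00:0e:8c:bb:00:02", "10.0.5.20", 443),
]


def discover_assets(flows):
    """Build an asset table from observed traffic only; no packets are sent to devices."""
    assets = {}
    for ts, smac, sip, dmac, dip, dport in flows:
        proto = ICS_PORTS.get(dport)
        for mac, ip, role in ((smac, sip, "client"), (dmac, dip, "server")):
            a = assets.setdefault(mac.lower(), {"ips": set(), "first_seen": ts, "ics": set()})
            a["ips"].add(ip)
            a["first_seen"] = min(a["first_seen"], ts)
            if proto:
                a["ics"].add(f"{proto} {role}")
    return assets


def new_asset_alerts(assets, authorized):
    """Return one JSON event per asset missing from the approved inventory."""
    alerts = []
    for mac in sorted(assets):
        if mac in authorized:
            continue
        a = assets[mac]
        alerts.append(json.dumps({
            "event": "new_asset_discovered",
            "mac": mac,
            "ips": sorted(a["ips"]),
            "first_seen": a["first_seen"],
            "ics_activity": sorted(a["ics"]),
            # An unapproved device already speaking an ICS protocol is reviewed first.
            "severity": "high" if a["ics"] else "medium",
        }, sort_keys=True))
    return alerts


if __name__ == "__main__":
    for line in new_asset_alerts(discover_assets(FLOWS), AUTHORIZED):
        print(line)  # each line would be forwarded to the SIEM collector
```

With the constructed flows, the two approved devices produce no events, while the unknown host talking S7comm to the PLC is raised as high severity and the unknown host seen only on port 443 as medium.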
4. Evolve from Mirror-Mode To In-Line Security
Manual inventories are expensive, often incomplete, and quickly antiquated. Automated approaches are required for different technologies and asset types. The automated solution should continuously monitor network traffic to detect and assess hard-to-scan devices, such as sensitive OT and IoT systems.
5. Support and Secure IT/OT Alignment
The ICS security monitoring solution must recognize the interconnectedness of OT and IT systems. It is also critical to understand how OT-specific protocols and active security technologies appropriate for IT environments may disrupt and/or degrade performance in OT environments.
6. Survive in Harsh OT Environments
OT environments do not always have the luxuries that some IT solutions get, like dust-free environments and air-conditioned server rooms. The ICS security solution should be easy to install on OT hardware and survive harsh environmental conditions.
The rapid pace of digital transformation has undoubtedly placed businesses under immense pressure to meet consumer demands at twice the pace to drive economic growth. The expanding attack surface resulting from these digitization initiatives that span both IT and OT creates cyber risk. By having the six cybersecurity controls in place, CISOs can have visibility across all assets in both IT and OT environments and close the Cyber Exposure Gap.
(The author is the Managing Director of Tenable India)