By Dick Bussiere, Technical Director APJ, Tenable
Enterprise security teams face serious hurdles in safeguarding their OT/IoT systems within the manufacturing sector, especially because these systems are susceptible to cyberattacks. The manufacturing sector ranked first among the most-attacked industries, with 45% of attacks seen globally.
Building and maintaining a proactive, comprehensive security program that covers a diverse set of OT/IoT devices and IT domains and assets can be overwhelming. The convergence of OT, IT and IoT has resulted in a broader cyber attack surface. As IT, OT and IoT assets become increasingly interconnected, cyberattacks that target IT systems spread into OT environments, resulting in devastating consequences.
In fact, 67% of Indian organisations consider flaws in OT software to be the greatest risk. Fragmented visibility, unanticipated risks, data silos and organisational silos add to the challenge of securing modern OT organisations. This makes it important to deploy the right security strategies and tools to secure complex OT environments.
Key challenges to modern OT organisations
Fragmented visibility: Many of the OT technologies in use are deployed outside the purview of IT and security teams, leaving them unseen and insecure. Not knowing what you don’t know results in systems that are vulnerable to attacks and is among the reasons why attackers continue to target OT and IoT assets more frequently.
Unanticipated risk: OT protocols are insecure by design, having little to no authentication, encryption and other techniques used in IT. Few security enforcement points are implemented within most OT environments; devices on a network are implicitly trusted. Similarly, IoT devices are deployed, often supported by opaque cloud services, with little thought about how secure the system as a whole may be. Additionally, many operators of OT assets assume that they are protected by the proverbial “air gap” when in reality this air gap is perforated with holes allowing outside access. Lastly, there is always the risk of outside devices being introduced into the environment, rendering any externally facing security mechanisms moot.
Data silos: As organisations adopt multiple point solutions to address specific security gaps, data becomes trapped in silos. Disjointed tools and teams leave business leaders with a limited understanding of their environment and the risk relationships that span different organisational units. While the data and insights gathered from point solutions are useful to understand the risk within a silo, many security teams continue to struggle to answer critical questions about their overall security posture. Some of these questions include: How can we accurately measure risk and exposure to the entire organisation, regardless of which part of the organisation has any specific vulnerability? What risks do traditional business systems (e.g. ERP systems, Active Directory, remote access jump boxes) create for OT/IoT assets? What are the dependencies between these environments and how could they affect supply chains? How do changes in the OT environment affect other assets within the same facility?
Exposure management for preventive OT security
Exposure management helps benchmark OT/IoT and IT assets, enabling effective risk reporting and measurement. Exposure management tools are aligned to the business outcomes of the organisation as a whole, so security teams can break through siloed vulnerability management and OT security tools. The result is a superior view of risk, resulting in better understanding, prioritisation of resources, and communications across the enterprise.
Security teams can prioritise efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance. Exposure management combines vulnerability coverage spanning IT assets, cloud resources, containers, web apps, identity systems, and OT and IoT assets to provide a comprehensive security posture assessment. This ensures that risk relationships between assets and users are understood so the most critical vulnerabilities are addressed first.
OT environments contain a diverse set of assets, which are managed by different internal stakeholders. Exposure management brings it all together: security leaders can use it to view, assess and manage cyber risk across the entire attack surface. It tracks incoming data from configured tags and data sources, and aggregates and normalises data to provide a visualisation of the organisation’s cyber exposure and other important metrics.
OT organisations cannot compromise security for operational efficiency any more. Cybersecurity is a critical risk management function, making it important to adopt the right technologies to secure increasingly complex systems. To this end, organisations must rethink strategies for tooling, adopt a more holistic approach and mature playbook for OT security, prepare for a continued rise of ransomware attacks against OT, and expand cybersecurity practices from reactive to proactive with exposure management.