With industrial sectors such as energy, oil & gas, and manufacturing rapidly digitizing their operations to remain competitive, executives are sharpening their focus on enterprise-wide cybersecurity.
Converging IT and operational technology (OT) exposes many systems such as safety instrumented systems (SIS), water flow meters, and hydraulic pumps along with vital information stored in data lakes, all of which are at risk of exploitation by threat actors.
According to the SANS 2021 OT/ICS Cybersecurity Survey, 70 percent of respondents rated the risk to their OT environment as high or severe, up from 51 percent in 2019. Even more worrying, nearly half of all respondents (48 percent) did not know whether their organization had been compromised in the past year. And while IT breaches typically garner more headlines, OT breaches can be far more critical, with the potential for successful attacks resulting in physical injury, harm, and even death.
In this three-part blog series, I’ll chronicle a digital transformation journey different organizations undertake, and provide a blueprint for enterprises to incorporate OT and IoT security into the mix. This blog introduces the important first steps of gaining visibility into and protecting assets and networks. In parts two and three, I’ll go into more detail on how to build a resilient cybersecurity posture for organizations with industrial control systems.
You Can’t Manage the OT Assets You Can’t See
When going through digital transformation, organizations typically focus on three important steps.
- Identifying and protecting the ‘crown jewels’
- Preparing a holistic cybersecurity transformation with a focus on IT/OT SOC integration
- Enhancing operational efficiency and taking measured steps towards preventative maintenance
Since we cannot manage what we do not see, protecting and gaining visibility into the most important assets and networks (the ‘crown jewels’) is the most important first step. When organizations begin their digital transformation journey, they often run into challenges in this area. For example:
- While IT teams tend to have visibility into IT assets managed centrally at data centers, they have difficulty obtaining a real-time view of OT assets. The nature of OT is that its assets can span a sweeping geographical footprint, making it hard for operators to easily identify and secure their critical assets.
- OT environments often consist of legacy equipment that can be sensitive to many types of network traffic. In some instances, commonly-used IT solutions may slow the devices that keep the plant running safely. Even scant pinging or scanning of devices for vulnerabilities have created major outages. With these risks, plant managers are hesitant to use unproven solutions in their plants.
- OT cyberattacks have additional subtleties related to typical IT incidences. Some are operational in nature where the event may be accidental such as a misconfigured device. Other threats may involve proprietary protocols whose communications can’t be evaluated by IT security tools.
How OT and IoT Security Fit Into the Digital Transformation Journey
To overcome these challenges, organizations should select an OT and IoT security and visibility solution, particularly a cyber solution built specifically for OT environments. The solution should:
- Provide comprehensive OT network visualization and asset inventorying without risk to the industrial process. Asset inventory capabilities can identify characteristics such as device type and manufacturer, while network visualization can help quickly determine micro-segmentation requirements and provide a more comprehensive view of the topology.
- Deliver superior real-time OT and IoT threat monitoring that shortens the mean time to detection and response. Artificial Intelligence (AI) and machine learning can identify and alert operators to known threats and anomalous events. With machine learning algorithms, critical assets and operational states are baselined so that even unknown activities are detected. An example is identifying unauthorized operational behaviour that may impact operations, e.g. online edits of programmable logic controller (PLC) actions such as start and stop.
- Deploy quickly and easily with mature technology that is ISO 9001 certified.
In summary, the initial steps of fingerprinting and mapping assets help security and operational staff gain real-time visibility into their environment, enhance threat detection, and often satisfy audit and compliance requirements. As organizations go digital, they can use cybersecurity technology to strengthen their security posture, advance their cybersecurity maturity, and optimize their environment for reliability and cost efficiency.
Stay tuned for parts two and three in this blog series on building cyber resiliency while going through digital transformation. In the meantime, we invite you to learn more the OT/ICS cybersecurity landscape in the latest SANS 2021 Survey below.
A SANS 2021 Survey: OT/ICS Cybersecurity
Read the survey to learn about:
- The growing severity of ICS cybersecurity risks
- Technology adoption trends and gaps
- How the cloud is making its way to ICS