A Swiss Army Knife for Industrial Operations Protection
When we think about a Swiss Army Knife, we immediately picture a high-quality, multi-functional tool to help us tackle a wide array of tasks. The digital equivalent is the smartphone. A more security-specific example is the all-in-one, wireless home protection system. These solutions typically include sensors for windows, doors, and rooms, as well as cameras to remotely see what is happening inside and out, and an app to control everything from wherever you are. The objective is to make it as easy as possible to monitor, protect, detect, and act quickly against intruders and other threats like leaks, floods, and fires.
The Swiss Army Knife approach helps ensure we’re prepared for many different situations and can act fast. It also makes sense for how we should approach industrial cybersecurity. Here are just three reasons why.
1. Simplicity. The 25+ year gap between IT and Operational Technology (OT) security means that OT networks have few, if any, modern security controls in place, as many of these Industrial Control Systems are legacy assets that were not designed with security in mind and were previously isolated, until digital transformation came along. This affords us the opportunity to start with a clean slate. There is no need to recreate the complexity of the IT security stack with 15+ tools and engage in time-consuming physical segmentation projects. Applying the same IT security playbook to your OT environment takes too long and often isn’t effective or necessary. What’s needed is a single, agentless solution that can be implemented quickly and integrated into IT systems and workflows. With asset visibility to identify vulnerabilities and suspicious behavior, continuous threat monitoring to detect and track threats that cross the IT/OT boundary, and secure remote access solutions with strict controls over sessions, we can jumpstart the process of closing the IT/OT security gap. We can start mitigating risk in weeks, not months, and assure continued operations of critical processes.
2. Total Cost of Ownership (TCO). Limiting the need to integrate multiple disparate products, partner with more consultants, and deploy more resources to manage and maintain solutions, each with its own interface, makes it possible to strengthen security and reduce costs. What’s more, when we can integrate OT security into IT systems and workflows, we can look at governance and processes holistically, which provides additional opportunity to lower TCO. Many organizations start down the path of creating a separate OT governance process and Security Operations Center (SOC), which introduces risk and delays. However, common best practice is to centralize responsibility and accountability for securing the OT environment with the CISO. By extending existing IT risk management and governance processes to include OT networks so that IT and OT teams can work together, we can avoid duplicating processes and efforts and save valuable resources. Seamlessly connecting the industrial cybersecurity program to the IT security program allows the CISO to execute an enterprise-wide risk management strategy more efficiently and effectively.
3. A virtuous circle. You can’t protect what you can’t see, so effective industrial cybersecurity must start with knowing what needs to be secured. This requires a centralized and always-current inventory of all OT, IT, and Industrial Internet of Things (IIoT) assets, processes, and connectivity paths into the OT environment, as well as an understanding of what normal looks like. With visibility into assets, we can tackle inherent critical risk factors, from vulnerabilities and misconfigurations to poor security hygiene and untrustworthy remote access mechanisms. Still, the harsh reality is that no matter the protective controls or processes we implement, we cannot eliminate risk completely. So, being able to detect and respond to threats when they do surface is imperative. Continuous threat detection and monitoring helps manage and mitigate risk from both known and unknown emerging threats. This is particularly critical as we shift how we manage our businesses and adapt to the reality of distributed work environments. In fact, a new PwC survey finds 83% of companies expect hybrid workplaces to become the norm. So, as more employees and third-party vendors connect remotely to the OT environment, adjusting controls with secure remote access capabilities minimizes the substantial risks introduced by remote workers. Closing the circle, continuous updates to the asset inventory enable us to understand new vulnerabilities and security gaps as they emerge so we can address them with the latest protections.
Returning to that home security system example: if you do not have sensors on windows or doors, you can’t tell when they are left open; without a camera, you can’t see who is approaching your home. By the time you detect an intruder in your house, the damage may already be done. That’s why a virtuous circle – from asset visibility and vulnerability management to continuous threat detection and monitoring, and secure remote access – is so important. A simpler, cost-effective, and comprehensive approach to bridging the IT-OT security gap gives us confidence that we can tackle whatever comes our way – like having that Swiss Army Knife or smartphone in our pocket.
Learn More About Industrial Cybersecurity at SecurityWeek’s ICS Cyber Security Conference Series