Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste, transportation, and financial sectors.
Depending on other factors, your morning routine may go so far as to rely on the health, dams, and chemical sectors. An interruption to any one of those sectors could have an impact on your morning brew.
These sectors' safety is vital for more than just keeping our preferred beverages flowing. Whether it's vulnerabilities and threats or detection and prevention, Operational Technology (OT) security needs to be prioritized in industrial processes. There are various challenges to meeting this goal.
Common Problems
For many years, the most common issues were software vulnerabilities in OT devices and the workstations that are used in OT environments. The reason is that OT devices such as Industrial Control Systems (ICS) are built to last for a very long time. In some cases, the anticipated lifespan can be more than a decade. As such, the software that works with these systems is also long-lived.
Unfortunately, these legacy systems and their associated legacy software are often not updated to work with newer operating systems. For example, many OT systems are still running old Microsoft Windows operating systems, such as Windows XP, Vista, and Windows 7. As a result, there are many systems within OT networks with obsolete operating systems that are no longer in support and contain unpatched vulnerabilities.
At one time, this was not a huge issue because OT networks were "air-gapped" from the IT networks. The physical security and highly controlled access to the OT systems removed any concerns about attacks to these software vulnerability problems. However, times have changed with the Internet.
Nowadays, air gaps are considered non-existent because of IT-OT convergence. This movement is fueled by organizations wanting to extract more data that is generated by these OT devices. As this type of partially interconnected IT-OT architecture evolved, organizations had to start focusing on highly controlled network access via network segmentation.
On top of this is the increasing complexity in OT networks due to organizations adding more technology in the OT networks in order to collect even more information. As a result, another ongoing challenge is ensuring these OT networks remain highly segmented with very restrictive access control.
Constant Challenges
Isolating vulnerable systems by ensuring correct network segmentation and access controls is not only a constant challenge, but it also has the potential to get worse. One reason is that advancing technologies now allow traditional OT devices to communicate over the internet. In the past, these devices lacked this capability.
This is causing an increase in potential attack surface by adding complexity to the network, making the environment harder to secure. Several paradigms have emerged, such as Industry 4.0, the Industrial Internet, and the Industrial Internet of Things (IIoT).
These are driving the idea of digital transformation, where many systems within industrial networks collect data and send the data to the cloud for various types of processing (big data and artificial intelligence) for various goals. For example, data from OT devices can be used to trigger an alert that a device is beginning to fail.
The aggregated data can also be processed with algorithms that can help to minimize production costs and potentially increase profits. Conversely, these same data processing algorithms can also be used to keep OT systems and networks secure while also moving forward with digital transformation.
Detection and Response
Having the correct tools and technology to achieve both monitoring and visibility is crucial to detect and respond to security incidents quickly. Visibility here refers to knowing exactly what systems exist on both the IT and OT networks. You cannot protect or respond to things you are not aware of, and with today's network complexities, keeping track of devices and systems on the networks via spreadsheets is no longer a viable solution. Spreadsheets are also generally no longer an acceptable tracking method for audit evidence.
Modern systems and networks are extremely dynamic, requiring constant assessment using appropriate technologies such as vulnerability management, patch management, change management, intrusion detection, log monitoring, and more. Also, industrial organizations must have the appropriate subject matter experts in both IT and OT security. These two domains of expertise are not the same.
Although there is some overlap in knowledge and capabilities, OT security requires OT experts, and IT security requires IT experts. Industrial organizations MUST ensure tight collaborations between these two groups in order to be effective. It takes appropriate technologies and appropriate expertise to achieve adequate capabilities to respond to security events quickly and effectively.
The Future of OT Security
Industrial and other enterprise organizations can multiply their security by collaborating with and participating within communities that provide standards for securing OT systems. One such organization is the International Society of Automation (ISA). The ISA provides Standards Committees where OT practitioners, such as automation professionals, can contribute to the Standards.
Another organization is the Industry IoT Consortium (IIC). Participation with the IIC can help organizations prepare for the future of OT systems where the Internet and cloud computing will play a major role in industrial organization's operations.
As the industrial world becomes more connected, OT security becomes even more vital in protecting these critical parts of our existence. While interconnection brings more complexity, with the right tools and a collaborative approach, industrial processes can join the rest of the internet while remaining reliable and free from cybercrime.
Zero Trust and the Seven Tenets
Understand the principles of Zero Trust in cybersecurity with Tripwire's detailed guide. Ideal for both newcomers and seasoned professionals, this resource provides a practical pathway to implementing Zero Trust, enhancing your organization's security posture in the ever-evolving digital landscape.