Smart Operational Networks Come at a Security Price
Modern operational technology (OT) networks are constantly evolving due to developments such as the Industrial Internet of Things (IIoT), Industry 4.0, the smart grid and more. In order to remain competitive, companies are adopting these technologies to optimize their operations and significantly cut operational costs. The same technologies increase both the connectivity and the complexity of operational environments, and as a result their exposure to cyber-attacks and to human error grows with them. In the past, operators relied on network segmentation, isolation or air-gapping as a sufficient security measure. With the growing number of links between OT, IT, vendor remote-access and other networks, an air gap is rarely real any more: segmentation still matters, but on its own it no longer provides protection, visibility or control over the operational environment, which is why dedicated OT security tooling has become critical.
The Need for a Dedicated OT Network Security Solution
Applying IT-oriented security tools to OT networks does not protect them from OT-specific attack vectors. Using IT security tools in OT may even be worse than having no tools at all, because they create a false sense of security. OT networks, equipment and protocols differ from their IT counterparts: controllers cannot run endpoint agents, industrial protocols such as Modbus or EtherNet/IP are invisible to IT-centric signatures, and active scanning of the kind IT tools rely on can disrupt fragile field devices. Planning a robust OT security architecture therefore requires solutions tailored to these characteristics, designed for the high-availability nature and the distinctive, repetitive traffic patterns of an OT network, and typically built around passive monitoring rather than active probing.
5 Best Practices for Superior Protection of OT Networks:
- Automatic discovery and full visibility and management of the OT asset inventory – The days of managing OT networks, machines and inventory in Excel spreadsheets should be long gone. Discovery needs to be automated and the inventory kept current automatically. Automating the asset inventory makes OT managers more efficient, makes the information more accurate, and removes the risk of shadow OT devices that are unaccounted for and can become undetected attack vectors. A practical test of any inventory is whether every endpoint seen on the wire can be matched to a known asset; anything that cannot is a finding in itself.
- Proactive, actionable warnings about risks and vulnerabilities in the OT network – OT security managers must evaluate the criticality of their assets and identify vulnerable hosts and exposed network areas before they are exploited by malware or attackers. This way they prevent the next cyber-attack instead of having to handle one. Recent attacks such as LockerGoga, Ryuk, Odveta and others, run by well-organized, financially and politically motivated groups, have spread from machine to machine in a matter of minutes, rendering entire departments inoperative. By taking a proactive approach, organizations can avoid damage that can run into hundreds of millions of dollars and production recovery times of weeks or even months.
- Network mapping and connectivity analysis – OT managers must know where every device sits on the network and which devices talk to which. Because OT traffic is highly regular, the expected conversations (for example, an HMI polling a controller over Modbus/TCP) can be baselined and turned into an allowlist. If a PLC starts communicating with another PLC it should not be talking to, OT managers have to know immediately, not discover it after downtime or damage to production has occurred.
- Detection of suspicious activities, exposures and malware attacks – OT security software must be able to detect malware infections, check for policy violations, verify that authentication is enforced wherever the protocol supports it, and pinpoint which devices in the network have been compromised in the event of a cyber-attack. It must then provide remediation actions to contain the attack and prevent it from spreading.
- Full, deep-packet analysis of network and industrial equipment activity – Sadly, many of today's OT security vendors use "sampling" when analyzing OT networks: they select a subset of packets to feed into their platform because they simply cannot keep up with the volume of traffic on the wire. This is a critical problem, because it gives OT network managers a false sense of security while a large share of the traffic goes unanalyzed. The events that matter most, such as a single unexpected session between two controllers, are exactly the rare ones a sample is likely to miss. For an OT security platform to be effective, it must collect and analyze every packet on the monitored segments. Full capture does not by itself prove the network is safe, but without it no tool can honestly claim that a rogue conversation would have been seen.
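The following is an added example, not code from the original article or from any vendor's product, that ties together the inventory, connectivity-analysis and full-capture points above. It takes a small constructed asset inventory and a conversation allowlist, classifies every observed flow record (the kind of (src, dst, port) tuples a passive sensor on a SPAN port would emit) as allowed, a policy violation or an unknown asset, and then shows what a deterministic 1-in-10 sample of the same traffic would have reported. All IP addresses, roles and flows are constructed; the only real values are the standard port numbers 502 (Modbus/TCP) and 44818 (EtherNet/IP explicit messaging).

```python
"""Allowlist-based connectivity audit for OT flow records, plus a
demonstration of what flow sampling misses.  Added example with
constructed data; not from the original article."""

# Constructed asset inventory: ip -> (role, zone).  In practice this is
# produced by automated discovery, not maintained by hand.
ASSETS = {
    "10.10.1.10": ("HMI", "control-room"),
    "10.10.1.20": ("PLC", "cell-A"),
    "10.10.1.21": ("PLC", "cell-B"),
    "10.10.1.30": ("HISTORIAN", "dmz"),
}

# Conversation policy: (client_role, server_role, tcp_port) triples that
# are expected on this network.  502 = Modbus/TCP, 44818 = EtherNet/IP.
POLICY = {
    ("HMI", "PLC", 502),
    ("HISTORIAN", "PLC", 44818),
}


def classify_flow(flow):
    """Return a verdict for one (src_ip, dst_ip, dst_port) flow record.

    'unknown-asset'   : an endpoint is not in the inventory (shadow device)
    'policy-violation': both endpoints are known but the conversation is
                        not in POLICY (for example PLC talking to PLC)
    'allowed'         : matches an approved conversation
    """
    src, dst, port = flow
    if src not in ASSETS or dst not in ASSETS:
        return "unknown-asset"
    if (ASSETS[src][0], ASSETS[dst][0], port) in POLICY:
        return "allowed"
    return "policy-violation"


def audit(flows):
    """Classify every flow.  Returns (allowed_count, findings) where
    findings maps each non-allowed verdict to the offending flows."""
    findings = {"unknown-asset": [], "policy-violation": []}
    allowed = 0
    for flow in flows:
        verdict = classify_flow(flow)
        if verdict == "allowed":
            allowed += 1
        else:
            findings[verdict].append(flow)
    return allowed, findings


def every_nth(records, n):
    """Deterministic 1-in-n sampling, the way a flow exporter configured
    to sample thins traffic before it ever reaches an analysis platform."""
    return records[::n]


def build_sample_traffic():
    """Constructed traffic: hundreds of routine polls plus two rare events."""
    flows = []
    for i in range(200):
        # HMI polls both PLCs over Modbus; historian pulls from cell-A.
        flows.append(("10.10.1.10", "10.10.1.20", 502))
        flows.append(("10.10.1.10", "10.10.1.21", 502))
        if i % 5 == 0:
            flows.append(("10.10.1.30", "10.10.1.20", 44818))
    # Rare event 1: PLC cell-A opens a Modbus session to PLC cell-B.
    flows.insert(137, ("10.10.1.20", "10.10.1.21", 502))
    # Rare event 2: a host missing from the inventory reaches a PLC.
    flows.insert(301, ("10.10.1.99", "10.10.1.20", 44818))
    return flows


if __name__ == "__main__":
    traffic = build_sample_traffic()
    for label, records in (("full capture", traffic),
                           ("1-in-10 sample", every_nth(traffic, 10))):
        allowed, findings = audit(records)
        print(f"{label}: {allowed} allowed, "
              f"{len(findings['policy-violation'])} policy violations, "
              f"{len(findings['unknown-asset'])} unknown assets")
        for verdict, flows in findings.items():
            for f in flows:
                print(f"  {verdict}: {f[0]} -> {f[1]}:{f[2]}")
```

Run as-is, the full-capture audit reports both rare events, while the sampled audit reports nothing at all: each rogue conversation is a single flow, and neither falls on a sampled position. Random rather than systematic sampling would not fix this; at a 1-in-10 rate a single-flow event is still missed nine times out of ten. The same `classify_flow` logic is what a baseline-driven OT monitor applies continuously; the value of doing it on every packet rather than a sample is that the rare flow is the one you are looking for.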
If manufacturing companies, critical infrastructures and building management systems (BMS) implement these best practices, they will have a robust security posture and be able to remain operating safely and securely in 2020 and beyond.