When you view your EO network as an extension of your computer network, you get a consolidated view of your technology infrastructure.
In the first part of this two-part series, I described the gaps in best practices for trusted IT cybersecurity in the Operational Technology (Ot) environment and also presented the first of three recommendations for bridging the Ot IT security gap: Dealing with complexity. Now let’s consider the following two recommendations: align IT and EO teams and simplify management.
2.) Align the IT and EO teams. As mentioned above, most of the Fortune 500 companies have board support and a budget to improve the security of their EO networks. However, when they start implementing a security program, they soon notice that the alignment between IT and EO teams has not yet been fully achieved. This discrepancy is expressed in two ways:
– The first source of inconsistency relates to the triptych of Confidentiality, Integrity and Availability (CIA), as IT and EO teams have different priorities in relation to these three principles. Teams managing information security generally prioritise data protection over data integrity and availability, while teams managing EO networks prioritise availability (or performance) over integrity and confidentiality. In order to make progress in addressing IT-OT safety deficiencies, we need to meet these priorities. The risk of malfunctions and downtime when performing new security checks, patches or system updates is not an issue for EO checks. Not to mention the fact that changes to multi-million dollar systems operating in a production environment typically invalidate the warranty.
– Another shutdown is the result of dispersed orders and efforts. When large organizations begin to focus on securing their EO networks, we often see many different teams working on the project, but each team works from a different perspective. For example, a team of engineers can be responsible for obtaining information about the resources of EO networks. The Network Security Group is responsible for the supervision of these networks. And the third team is responsible for managing the vulnerabilities. Due to the emergency, everyone walks quickly and is poorly organized. Each of them is looking for tools to help them with certain applications, and because they don’t coordinate, they don’t understand that the same technology can often be used for different applications. If there is no central coordination, decision-making or budget, no one worldwide thinks about the safety platform. This obscures the usefulness and value of any investment made to improve EO safety.
The good news is that most organisations can start from scratch and develop an EO security program without having to worry about existing security technologies. This means you can prioritize and implement the most important applications.
Another good news is that EO networks are designed to communicate and exchange much more information than is normally available in computer components – the software version they use, firmware, serial numbers, network card slots and much more. Because OT network traffic provides all the security information you need to monitor threats and vulnerabilities, you can get the most out of the same technology without the need for separate tools. A single agentless solution for inventory tracking and continuous threat monitoring meets the needs of different groups and can be implemented without sacrificing performance or downtime.
3.) Simplify the control. Many organizations are struggling to integrate the new EO management and EO processes into their existing IT structure. Some organizations are setting up a Management and Security Operations Centre (MSOC) process that is separate from IT, because they feel they need different skills and tools. Such an approach is inappropriate for several reasons, among others:
– Finding and retaining EO security specialists is difficult and costly.
– Unwanted people do not see the separation between IT and EO. The attacks are interwoven, so you don’t want to miss this connection because you have two separate SOCs or two separate commands.
– Restoring existing management processes and duplicating coordination efforts is a waste of time and effort.
The most common best practice is the centralisation of responsibility and accountability for TSO at CISO. If you see the OT network as an extension of your IT network and have a holistic view of management and processes, you get a consolidated view of your IT infrastructure.
The EO security solution you choose must also have a holistic approach, i.e. it must also be integrated into the EO and IT ecosystem and workflows. This should also transfer the ambiguity of the EO networks to the EO SOC analyst, so that their expertise is transferred and you don’t have to hire an EO SOC analyst.
By focusing on CISO, a single SOC and a solution that can be used by both IT and EO teams, you optimise your resources – talent, budget and time. You also get continuity across the entire attack area, allowing you to manage the same processes and reporting speeds.
Eliminating complexity, aligning IT and EO teams and simplifying administration are my three main recommendations to address EO’s security gaps. Each recommendation focuses on removing obstacles so that organisations can make rapid progress, which is important as opponents develop their approaches and attacks on EO networks intensify. In that sense, I invite you to start as soon as possible.
That’s what it looks like: For more information, visit the SecurityWeek ICS Cyber Security Series conference.
Galina Antova is co-founder and director of Business Development at Claroty. Previously, she was head of the occupational safety department at Siemens, where she oversaw the development of services to protect industrial customers from cyber attacks. She was also responsible for the management of the Cyber Security Practice and the Cyber Security Operations Centre, which provided managed security services to industrial operating system operators. Previously, Ms. Antova worked for IBM Canada, where she held positions in procurement and cloud computing solutions. She holds a B.Sc. in Computer Science from the University of York in Toronto and an MBA from the International Institute for Management Development (IMD) in Lausanne, Switzerland.
Previous speaker from Galina Antova :