By: Sertan Selcuk, VP of Sales, META at OPSWAT
Information technology (IT) and operational technology (OT) are converging. The rise of the Industrial Internet of Things (IIoT) has put new targets on the backs of enterprises in heavy industry sectors like oil and gas, utilities, and manufacturing. Cybercriminals’ willingness to hold our most precious assets hostage has never been in doubt. But now, as IT and OT collaborate, they are actually capable of doing so.
Now that the UAE is revamping its manufacturing sector through programs such as Operation 300bn, OT is going to become more and more critical to economic progress for its ability to manage processes, improve efficiency, and reduce costs. But the digitalization of OT has set it on a collision course with the increasingly sophisticated threat landscape. The machinery of industry must be protected; but how?
In lieu of a cybersecurity silver bullet, organizations must look to their maturity with a holistic eye and identify opportunities for improvement. Consider the extent of your visibility and assess the effectiveness of your current strategy to cover passive and active defense. Your journey will take you through the procurement of solutions for asset visibility, network security, and endpoint protection in the former case, and through threat detection, response, and recovery in the latter. The UAE has a glowing record in cybersecurity. For example, the UN’s International Telecommunication Union (ITU) ranked the country fifth out of 194 countries in its 2020 Global Cybersecurity Index (GCI). Your maturity can reflect this if you examine and optimize four areas of OT cybersecurity.
Defense-in-depth cybersecurity strategies start with digital borders. As IT and OT environments exchange data more and more, security gateways can step in to ensure data flows in one direction. Firewalls cannot match the protections of gateways, which are easy to deploy and configure, highly scalable, and aligned with industrial standards such as NIST ICS/CSF/800-82/800-53. Some gateways even include technologies that implement other layers of security that scan in-transit data for threats before it is admitted to a critical environment.
2. Remote access
The proliferation of rogue personal devices in corporate networks must also be addressed. Since pandemic lockdowns introduced new ways of working, remote-access endpoints have presented challenges for security teams. Strong strategies and forward-thinking policies are required for remote access in an OT environment. Traditional firewalls and VPN may work to an extent for IT, but with OT, an authenticated VPN session allows users unlimited access to any asset with no option to end the session if anomalous behavior is detected. The answer to this is a purpose-built remote-access security solution that enforces logical line-of-sight protection. Users would be granted access to the environment under rules-based policies that predetermine what they are permitted to see and amend. Such a solution would offer granular visibility and control down to individual assets, protocols, and users.
3. OT network visibility
Hidden assets are not subject to protections, however effective those measures might be. And gaining visibility of modern technology stacks is difficult enough when only IT is involved. Discovery of every OT asset is a huge challenge, but a comprehensive inventory is critical to a robust security posture. Different devices, operating systems, firmware versions, makes, models, and countries of origin, must somehow be captured. For this, organizations need an asset inventory and OT network visibility solution that can map the ICS environment and present it in a clear dashboard. The platform should be imbued with enough contextual intelligence to know what normal behavior is in the context of the business model so alerts do not become a white noise of false positives. It is this platform that will enforce compliance. Because it knows which devices are manufactured in non-compliant countries, it can raise a red flag where it finds these devices communicating with others on the network.
4. Removable media
It is a fact of life, and business, that removeable media moves back and forth across corporate boundaries. It is important to look at the point of entry for these storage components. As OT environments receive data from portable storage devices to update PLCs or other devices on air-gapped networks, they become vulnerable. Different devices in different locations in the OT environment each have their own protection needs. Trust is vital, so organizations must ensure the right kiosk, media firewall, and storage solutions are installed. Such solutions must provide a multi-faceted, removable media security capability that offers mobility and is compatible with all the media types used by the business. Consider the depth of media scans. How thorough are they? How is at-rest data protected? All these considerations and more must be aired and answered if the OT ecosystem is to be effectively protected.
Journey without end
Cyber maturity is something achieved over years rather than weeks, but the basics can drastically improve risk profiles in a matter of months. The road is long and winding, and when (and if) you get to the end, another road stretches out in front of you. For all the careful planning and the overcoming of complex challenges to build a comprehensive, in-depth defense strategy, the end result requires constant vigilance to maintain. In fact, the roadmap itself must include a strategy for maintenance, upgrades, and change that will allow the environment, and the security apparatus that protects it, to evolve with the threat landscape that seeks to disrupt it.
Every business makes pledges to the outside world — partners, customers, regulators — and its success hinges on making good on those promises. Comprehensive cybersecurity is a vital ingredient in this fulfilment. It is therefore wise to invest in the people, processes and technology that will protect your technology infrastructure from the nefarious forces that would harm it.