Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were once air-gapped, and the immaturity of cybersecurity in many of these plants. Yet, for many corporations, one of the first hurdles that must be overcome in order to achieve a strong cybersecurity posture is to bridge the gap between IT and OT. Why is bridging the IT/OT gap so problematic?
Key Challenges for Bridging the IT/OT Gap
One reason is the obvious sense of exclusivity between these two worlds. Historically, no OT manager wanted their IT team poking their nose into someone else’s business. OT was the old guard, and IT was perceived as the new upstart who can only bring trouble. That mentality is changing and now both OT and IT understand the value of collaboration between the two. But, there is still work to do.
One way to bridge the IT/OT gap is to show how the new technologies can reveal important information about OT assets, allowing a fuller view into an organization’s overall security posture. Unfortunately, that still approaches the problem from a strong IT perspective. The OT viewpoint is that introducing new security also brings downtime, compromising service and safety. In order to effect change in a way that OT will embrace, IT has to prove that security can be introduced in an unobtrusive, and non-invasive way.
Many companies rely on multiple products from multiple vendors to cobble together a security platform. This disparity is the result of more and more previously unconnected devices becoming connected to the corporate network. This can result in many areas that are easily overlooked, leaving open the possibility of an exploitable security hole. Working with multiple security products is also a costly endeavor. An integrated system can keep industrial systems secure and compliant.
Founder and CEO of Digital Bound, Dale Peterson, clarifies this point in a blog on The State of Security:
“Most CISOs don’t want to have separate IT and OT systems with different terminology to show them current risk posture and key metrics. The modern CISO wants to look at the “single pane of glass” to see their cyber security posture and cyber risk. The distinctions of IT and OT are less important than understanding the cyber risk from a business perspective.”
How Tripwire Bridges the IT/OT gap.
Tripwire Enterprise can help to bridge this gap by offering a single product that can gather information all the way down at the OT infrastructure level, and display it up at the IT level. This unifies the dissimilar monitoring methods, and offers better visibility, giving the ability to address vulnerabilities in a meaningful way. Tripwire’s suite of products offers a single platform that combines the tools you need to bring situational awareness to industrial control systems (ICS) and SCADA networks.
Tripwire’s Industrial Sentinel is the latest tool to be integrated with the award-winning Tripwire Enterprise. Its powerful anomaly detection and ICS-specific threat indicators can protect against misconfigurations, operational errors, and cyberattacks. The way it maintains the reliability of OT devices is through offline analysis, so there is no unnecessary stress placed on any sensitive equipment.
Tripwire’s integrated system enables you to apply controls to OT assets that were once reserved to the IT, all without disruption. This also adds ease to the auditing process, eliminating the usual scramble of evidence collection.
Whether you are simply looking to achieve best practices for your environment or working to provide continual proof of compliance, the integration can help with standards such as:
- International Electrotechnical Commission (IEC) 62443
- International Organization for Standardization (ISO) 27001
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- National Institute of Standards and Technology (NIST)
- Center for Internet Security Industrial Control System Critical Security Controls (CIS ICS CSC)
Dean Ferrando of Tripwire summarizes the value in combing IT and OT estates and offers some solid advice in a previous blog post:
“Rather than trying to compare which security methodology is better and how we need to bring one up to the other, why not combine the best of both worlds into one global security policy that could work for both the IT and OT estates? Physical security is as important as cybersecurity, and cybersecurity is as important as physical security; the two should not been seen as mutually exclusive but rather as complementary to one another.”
With the new interconnected nature of industrial systems, it is more important than ever to bring the same level of security to the OT world without any threat to the faithful execution of continuous uptime. The only threats that exist are with those who try to damage the normal functioning of the environment. Let Tripwire show you how easy it is to close the IT/IT gap.