Organizations can take various steps to protect their operational technology (OT) environments against digital threats. But some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate informational technology (IT) and OT environments effectively.
That doesn’t always happen, however. Indeed, the WannaCry and NotPetya attacks decimated the OT side of the affected organizations’ infrastructure partly because segmentation was not in place. Otherwise, the impact of the attacks could have been mitigated at least in some way.
The State of Supply Chains, Ransomware, and Segmentation
Over the past year, organizations around the world have witnessed an untold proliferation of ransomware attacks across their supply chains.
Illustrating this fact, a recent survey of hundreds of executives found that 36% of cyberattacks had disrupted supply chains significantly within the past three years. And in 2020, the greatest threat to organizations’ supply chains behind COVID-19 was cyberattacks.
Fortunately, network segmentation has proven helpful in mitigating common ransomware attacks especially those arising from breached IoT devices, third-party vendors, and the like. Part of this has to do with the main benefits of network segmentation. These include the following:
- Eliminates network congestion, resulting in overall improved performance. More so, it is harder to detect threats and fix vulnerabilities on a congested network.
- Improves intrusion control by making it easy to contain detected threats.
- Minimizes access to specific sensitive data and information by zoning them to a more secure network.
Segmentation also helps in organizations in the recovery phase. By limiting the available attack surface, the impact of any attack becomes much lower, making it easier to recover or replace lost data. That stands in contrast to having to revamp a supply chain's entire cybersecurity infrastructure.
Moving Away from Linear Network Security
Organizations can implement network segmentation on their supply chains through a virtual local area network (VLAN), firewalls, Software-Defined Perimeter (SDP), and other micro-segmentation techniques. Not only that, but companies can build even more resilient supply chains by combining these with other features such as encryption and access control.
The way in which they integrate these features together is important. Indeed, experts have been saying for years that organizations need to move away from a flat network approach. That’s because perimeter security is great only until an attacker figures out how to breach the perimeter while remaining invisible the whole time. When that happens, the attacker moves stealthily across the network to attack assets and hold them for ransom.
Network Segmentation Best Practices
Supply chains have essentially become supply (chain) networks in that most organizations have jettisoned a linear supply structure for a complex system of production and distribution. Hence, there must be a security approach that addresses this current reality, and that is network segmentation. Organizations require a scalable security solution that protects their value networks using the following best practices:
- As IoT proliferates supply chains everywhere now, it uses secure-by-design devices. Indeed, security for IoT devices begins right from the PCB assembly stage.
- Uses firewalls to filter traffic between defined network segments. This limits and controls access to sensitive data. In the case of a breach of classified data, it is easier to identify and isolate the source.
- Uses micro-segmentation to implement the zero-trust principle of least privilege, which grants access to network resources per use basis. What makes this work, particularly with software-defined perimeter (SDP) solutions, is that such segmentation is identity-based rather than device-based.
- It is also essential to be conscious of over-segmentation. Heavily isolating your networks can impact performance and impede the smooth flow of the supply chain. The goal must be to balance productivity and security in the supply chain. In essence, network segmentation must be strategic, never all in or all out.
- Reduces the number of endpoints that you must protect by integrating resources with similar properties into a single database. Your supply chain might be spread out widely, but you still need a central security strategy.
- Consider segmenting third-party vendors. There have been significant attacks to supply chains resulting from vendor mismanagement. Use the principle of least privilege to restrict vendors to only the resources they require to meet your needs.
In all the best practices discussed above, there is a caveat. Truly, network segmentation can minimize the impacts of attacks, but it is not a cure-all or a protect-all. Instead, it is just one of the preliminary steps to secure your supply chain infrastructure.
Always remember that network segmentation is not just about security; it is also about control and visibility. The vaster the supply chain, the greater the control that should be implemented since even the tiniest breaches may have the mightiest impacts.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.