As more industrial control system (ICS) devices become interconnected across many industries, information technology (IT) and plant operations engineering teams and technology (often referred to as OT) are converging rapidly. Convergence is challenging for both areas, often creating gaps, causing conflict and leaving security risks unresolved.
An effective cybersecurity program starts by building a bridge between the two. As such, IT professionals need to make an effort to understand OT’s priorities and unique environment requirements and goals, and vice versa.
Dave Meltzer, chief research officer at Tripwire, reflects on this latter imperative:
“For IT security pros that want to start to cooperate on security with OT, learning about how OT works is a great starting place. Whether that means buying a PLC training kit and learning what these devices actually look like in OT environments, or taking an Industrial Security Controls class, or just reading a book on the subject, it is beneficial for IT professionals to go in with an open mind and learn about the unique challenges that exist on the plant side of the business.”
Indeed, as an IT professional, you think you know cybersecurity, but you might be surprised to learn that your security concerns are very different than those of a plant operator. Look for a greenfield project where new technology allows for IT to get involved without concern for the typical constraints imposed by prior brownfield or legacy infrastructure. When it comes to brownfield and existing infrastructure, integrating newer technology and methods with outdated and legacy systems can potentially disrupt operations.
Meanwhile, OT professionals operate in a high-trust environment and don’t believe in “Fear, Uncertainty, and Doubt.” Uptime and availability are their top concern, and plant operators tend to dislike you IT pros on the shop floor. When it comes to identifying, prioritizing and classifying assets, they’re typically concerned with the top 10 percent that have the highest impact on process controls and system availability.
Without reconciling these differences, organizations create a bigger attack surface, where a security incident can bring physical consequences. In fact, most events are attributed to inadvertent human error, which proves communication between the two groups is key.
To improve ICS security, Tripwire and Belden introduced a “no touch” approach that highlights three quick priorities for OT:
- Secure the network. Plant engineers and IT professionals are equally concerned with attacks from external sources as well as unintentional internal cyber incidents that disrupt availability. OT and IT professionals should therefore work together to focus on strengthening edge protections between plant and corporate systems.
- Secure the endpoints. The moment employees or contractors connect their devices, safeguards such as perimeter firewalls, industrial protocols, and air gaps get bypassed. With those threats in mind, it’s important to know your assets, maintain a hardened and secure configuration on each endpoint, and monitor for unauthorized changes in as close to real time as possible.
- Secure the industrial controllers. Attackers are increasingly targeting industrial controllers that connect to physical devices like sensors, pumps, and even robots to cause physical damage or process disruption. To counter those bad actors, OT professionals should consider deploying solutions such as Belden’s Tofino Xenon, which can protect against malformed frames, unauthorized changes and malware, as well as contain threats from spreading if they do occur.
Remember, you’ll also need to begin tracking different information than you’re used to, including ICS equipment vulnerability disclosures. Consider going to industrial security conferences, reading ICS survey reports, and staying informed of vendor and ICS-CERT threats and alerts in the United States. (For international readers, there are similar organizations to use as resources.)
To learn more about how Tripwire can protect your industrial environment, visit tripwire.me/icssecurity.