OT Security Management and its Importance in the Manufacturing Industry

  • July 25, 2016
  • Feature

By Eli Mahal, Vice President, Nextnine

Technology has been a major game changer across many industries and manufacturing is one of the most important sectors that has been transformed through technological innovations. Technology is enabling the automation of operations and helping manufacturing enterprises to improve production reliability and safety, while reducing costs.

Internet of Things (IoT) technologies are now set to further digitize the manufacturing industry. These technologies are also commonly referred to as the Industrial Internet of Things (IIoT), Industry 4.0, Integrated Operations or the Industrial Internet. They focus on connecting industrial control systems (ICS) to data and analytics, and on the convergence of IT and OT (operational technology) operations.

Connecting manufacturing equipment to IT networks offers plant managers greater visibility into and control over the functioning of each component. Monitoring equipment and making informed decisions are easier through IIoT, and the remediation of technical problems and predictive maintenance are more efficient through remote access. This convergence can help manufacturers further improve levels of reliability, safety and profitability.

While the “air gapped” ICS experienced greater security through physical isolation, a connected operation increases the attack surface and exposes a manufacturing enterprise to cybersecurity threats that are similar to those constantly threatening IT environments.

Just as in an IT environment, mitigating the risks of a cyberattack in OT environments requires a rigorous approach to hardening the software platforms. Unlike in IT environments, industrial organizations should focus on protecting the industrial assets: those assets that, in the event of a successful attack, can cause substantial damage. Manufacturing businesses must adopt a continuous process involving the collaboration of IT and OT departments, plant management and corporate headquarters.

There are three underlying requirements for implementing best practices that let a manufacturing organization securely manage its connected OT environment:

  • Discover – an up-to-date inventory of all industrial assets
  • Connect – secure connectivity and remote access to industrial assets
  • Protect – automation of security essentials, including patching, updating anti-malware signatures, collecting logs for analysis, scanning ports and services against whitelists/blacklists, compliance reporting and more

Start with network visibility

Visibility and asset identification are the foundation for knowing what must be protected. A comprehensive and up-to-date asset inventory is vital for developing and maintaining an appropriate defense of a SCADA network and industrial infrastructure. Clear visibility into what devices and equipment are on the network, along with their characteristics and communication connections, is required.

Conducting this asset discovery in an OT environment has its challenges. For example, older equipment can be sensitive and should be discovered unobtrusively in order to avoid disrupting availability. Accordingly, a combination of passive and active approaches should be implemented to map the devices and understand what they communicate with and how. Every network environment is dynamic. Thus, there is a need for automated asset discovery and mapping with all changes from the baseline being documented and incorporated into a continuously updated inventory. Once a manufacturing enterprise has a clear picture of its assets, only then can it establish an effective defense strategy and put proper hardening processes in place.
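The baseline comparison described above, combined with the port and service whitelist check listed under the Protect requirement, can be sketched as follows. This is an added example, not code from the article or from Nextnine; the flow-record layout, addresses, baseline inventory and allowlist are all constructed for illustration.

```python
from collections import defaultdict

# Constructed passive observations: (server_ip, server_mac, protocol, server_port)
OBSERVED_FLOWS = [
    ("10.10.1.5", "00:1D:9C:AA:01:05", "tcp", 502),    # Modbus/TCP
    ("10.10.1.5", "00:1D:9C:AA:01:05", "tcp", 23),     # Telnet, not approved
    ("10.10.1.9", "00:0E:8C:BB:02:09", "tcp", 102),    # S7comm
    ("10.10.1.9", "00:0E:8C:BB:02:09", "tcp", 44818),  # EtherNet/IP, new here
    ("10.10.1.44", "F4:5C:89:CC:03:44", "tcp", 3389),  # host not in baseline
]
# Constructed baseline inventory and plant-wide service allowlist.
BASELINE = {
    "10.10.1.5": {"mac": "00:1d:9c:aa:01:05", "services": {("tcp", 502)}},
    "10.10.1.9": {"mac": "00:0e:8c:bb:02:09", "services": {("tcp", 102)}},
    "10.10.1.7": {"mac": "00:1d:9c:aa:01:07", "services": {("tcp", 44818)}},
}
ALLOWED_SERVICES = {("tcp", 502), ("tcp", 102), ("tcp", 44818)}

def build_inventory(flows):
    """Fold flow observations into {ip: {"macs": set, "services": set}}."""
    inv = defaultdict(lambda: {"macs": set(), "services": set()})
    for ip, mac, proto, port in flows:
        inv[ip]["macs"].add(mac.lower())
        inv[ip]["services"].add((proto, port))
    return dict(inv)

def diff_against_baseline(baseline, current, allowed):
    """Return (kind, ip, detail) findings for every deviation from baseline."""
    findings = []
    for ip, seen in current.items():
        known = baseline.get(ip)
        if known is None:
            findings.append(("new_asset", ip, sorted(seen["macs"])))
        elif seen["macs"] != {known["mac"]}:
            findings.append(("mac_changed", ip, sorted(seen["macs"])))
        baselined = known["services"] if known else set()
        for svc in sorted(seen["services"]):
            if svc not in allowed:
                findings.append(("disallowed_service", ip, svc))
            elif svc not in baselined:
                findings.append(("new_service", ip, svc))
    # Passive data cannot prove removal; these need an active follow-up check.
    for ip in sorted(set(baseline) - set(current)):
        findings.append(("not_seen", ip, None))
    return findings

if __name__ == "__main__":
    for f in diff_against_baseline(BASELINE, build_inventory(OBSERVED_FLOWS), ALLOWED_SERVICES):
        print(f)
```

Accepted findings would be merged back into the baseline so the inventory stays current, while `not_seen` entries are candidates for a careful active query rather than automatic removal.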

Next, secure connectivity and remote access

Many first- and third-party professionals need access to the ICS to maintain equipment and perform security processes, such as patching and log collection. In some cases, fast access is required for an incident response. Performing these functions in person is often impractical or at times even physically impossible, making remote access a necessity.

While these remotely performed activities are often critical to plant safety and reliability, external connectivity and remote access, especially by third parties, increase the ICS attack surface, and it is imperative to protect against these exploitable vulnerabilities.

Virtual private networks (VPNs) and proprietary remote access tools are commonly used, but these practices pose risks from multiple communication lines across the enterprise and shared access credentials.

A better means of secure communication is to funnel all remote access through a single location that is fully controlled by the manufacturing enterprise’s security professionals. This eliminates proprietary end-runs around security controls that go straight into the industrial assets.

Finally, protect and comply according to a top-down security approach

Once the manufacturing enterprise has its assets inventoried and it can reach all of these assets remotely through secure connections, it can consider itself in the position to effectively apply continuous automated protection efforts using a top-down, integrated approach.

“Top-down” means standardizing on plant-wide security policy and “integrated” refers to the intersections among IT and OT, remote plants and head office, and third parties, such as equipment vendors, that must be considered when choosing the means to enforce the policies and execute the procedures so that “everything works together”.

With this in mind, the primary focus should be on shielding the field assets. These are the assets that, if compromised, pose the biggest risk to operational safety, integrity and efficiency.

With this approach, the security essentials should be addressed first with a focus on doing the basic things right. For example, applying qualified operating system patches and anti-virus signatures, collecting and analyzing device logs, scanning IP address ranges to look for unexpected changes, and so on.

Only when the OT environment is reasonably secure can the manufacturing enterprise enjoy the benefits of having more data available from an integrated and connected manufacturing platform.

This article is the first in a series of four articles on OT security management in manufacturing enterprises. The following articles will provide an in-depth look at each of the three recommended best practices for OT security management. The next article will provide an analysis of discovery considerations for maintaining full network visibility and asset inventory.

About the Author

Eli Mahal is the Vice President of NextNine, a provider of security management solutions for connected industrial control system environments.
