- July 16, 2019
By Andrea Carcano, Co-founder and Chief Product Officer, Nozomi Networks
Critical infrastructure and industrial environments were once thought to be immune to cyber threats and attacks because of their “air gapped” nature. But the truth is that they are extremely vulnerable and are typically under persistent attack. The interconnection of industrial control systems (ICS) and operational technology (OT) networks with IT networks has made them vulnerable to exploitation by attackers. By taking advantage of this increasing connectivity, attackers can not only enter ICS networks and systems, but can also control processes remotely. Systems that were designed without security in mind are now major security risks for the entire organization.
Analyst firm Forrester, along with Nozomi Networks, recently conducted a webinar for ICS industry experts and vendor audiences alike. The webinar’s main focus was to educate viewers on how to protect industrial infrastructures from cyberattacks, and how to achieve full visibility across both your IT and OT networks. A poll taken during the webinar revealed that while the majority of industrial organizations are embracing IT/OT collaboration, many are falling short when it comes to achieving OT network visibility – an issue that needs to be addressed.
The key findings revealed ICS security concerns surrounding OT network visibility, security monitoring and IT/OT collaboration. In this article we’ll review the results and provide best practices to overcome these common ICS cybersecurity issues.
OT Network Visibility: Nearly half of organizations don’t have real-time visibility into their OT networks
Respondents were split almost evenly on OT network visibility. Just over half (51 percent) have some or substantial visibility into their OT networks. However, nearly as many (48 percent) have only outdated, static visibility, or are flying blind with little or no visibility at all.
Security Monitoring: Less than 10 percent of organizations are actively monitoring their OT networks
Unfortunately, less than 10 percent of respondents have full, real-time monitoring across OT networks. But optimistically, 37 percent of survey respondents have limited monitoring and do say they want to improve it.
IT/OT Collaboration: 82 percent of organizations report positive IT/OT collaboration
Eighty-two percent of respondents said their organizations are either at the early stages of IT/OT collaboration, or are already fully embracing it in a way that’s productive.
Best Practices & Tips
Today most threats can be reduced by monitoring ICS network traffic so that both process anomalies and security anomalies on the control network become visible. As IT and OT systems converge, the industrial network has become an important part of the organization’s attack surface.
OT Network Visibility
Real-time operational visibility is necessary for ICS cybersecurity. You can’t protect your network if you don’t know what’s in it. Having full visibility provides faster troubleshooting and remediation of cybersecurity and process issues, which makes it easier for engineers and plant operators to identify issues and respond before operational systems are impacted.
This requires having the right cybersecurity tools that provide visibility into industrial networks and their risk exposure, thereby improving critical infrastructure cyber resiliency and operational reliability. Overall, visibility is key to being responsive to a threat or crisis as it happens.
Improving visibility requires having a real-time network monitoring solution in place to detect cyber threats and process anomalies and to improve cyber resiliency and reliability.
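The two preceding paragraphs describe what a passive OT monitoring solution does: learn which assets exist and who talks to whom, then flag both security anomalies (an unknown host, a new conversation) and process anomalies (a write to the PLC from a source that never wrote before, or a malformed protocol frame). The following Python is an added illustration of that idea, not code from Nozomi Networks or from the original article. It parses the Modbus/TCP MBAP header, builds a baseline from a learning window, and reports deviations in a later window. The IP addresses, the flow records and the Modbus frames are all constructed sample data; the class and function names are hypothetical.

```python
"""Passive OT traffic baseline and anomaly detection (constructed example)."""
import struct
from typing import Dict, List, Optional, Tuple

# Modbus function codes that change process state (coil and register writes).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16, 22, 23}

Flow = Dict[str, object]  # keys: src, dst, dport, payload (bytes, possibly empty)


def parse_modbus_tcp(payload: bytes) -> Optional[Tuple[int, int]]:
    """Parse the 7-byte MBAP header and the function code that follows it.

    Returns (unit_id, function_code), or None when the frame is not valid
    Modbus/TCP (too short, non-zero protocol id, or inconsistent length field).
    """
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    # Protocol id is always 0; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]


def modbus_frame(func: int, data: bytes, unit: int = 1, tid: int = 1) -> bytes:
    """Build a Modbus/TCP request frame (used here only to construct sample traffic)."""
    pdu = bytes([func]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


class OTBaseline:
    """Learns assets, conversations and normal Modbus writes, then flags deviations."""

    def __init__(self) -> None:
        self.assets = set()         # every IP seen during the learning window
        self.conversations = set()  # (src, dst, dport)
        self.writes = set()         # (src, dst, function_code) for write functions

    def learn(self, flows: List[Flow]) -> None:
        for f in flows:
            self.assets.update((f["src"], f["dst"]))
            self.conversations.add((f["src"], f["dst"], f["dport"]))
            parsed = parse_modbus_tcp(f["payload"]) if f["dport"] == 502 else None
            if parsed is not None and parsed[1] in MODBUS_WRITE_FUNCS:
                self.writes.add((f["src"], f["dst"], parsed[1]))

    def detect(self, flows: List[Flow]) -> List[Tuple[str, object]]:
        alerts: List[Tuple[str, object]] = []
        for f in flows:
            conv = (f["src"], f["dst"], f["dport"])
            for host in (f["src"], f["dst"]):
                if host not in self.assets:
                    alerts.append(("new-asset", host))        # security anomaly
            if conv not in self.conversations:
                alerts.append(("new-conversation", conv))     # security anomaly
            if f["dport"] != 502:
                continue
            parsed = parse_modbus_tcp(f["payload"])
            if parsed is None:
                alerts.append(("malformed-modbus", conv))     # protocol anomaly
                continue
            _unit, func = parsed
            if func in MODBUS_WRITE_FUNCS and (f["src"], f["dst"], func) not in self.writes:
                alerts.append(("unexpected-write", (f["src"], f["dst"], func)))  # process anomaly
        return alerts


# Constructed addresses: an HMI, a historian, a PLC and an engineering laptop.
HMI, HISTORIAN, PLC, LAPTOP = "10.0.10.5", "10.0.10.9", "10.0.20.7", "10.0.10.77"


def flow(src: str, dst: str, dport: int, payload: bytes = b"") -> Flow:
    return {"src": src, "dst": dst, "dport": dport, "payload": payload}


# Constructed "normal" traffic captured during the learning window.
BASELINE_FLOWS = [
    flow(HMI, PLC, 502, modbus_frame(3, b"\x00\x00\x00\x0a")),        # read 10 holding registers
    flow(HMI, PLC, 502, modbus_frame(6, b"\x00\x05\x01\x2c")),        # HMI setpoint write
    flow(HISTORIAN, PLC, 502, modbus_frame(3, b"\x00\x00\x00\x64")),  # historian polling
]

# Constructed traffic from a later window containing deviations.
LIVE_FLOWS = [
    flow(HMI, PLC, 502, modbus_frame(3, b"\x00\x00\x00\x0a")),                    # normal
    flow(LAPTOP, PLC, 502, modbus_frame(16, b"\x00\x00\x00\x01\x02\xff\xff")),   # unknown host writes registers
    flow(HISTORIAN, PLC, 502, modbus_frame(5, b"\x00\x01\xff\x00")),             # known host, first-ever write
    flow(HMI, PLC, 502, b"\x00\x01\x00\x01\x00\x02\x01"),                        # truncated frame
]


def run_demo() -> List[Tuple[str, object]]:
    baseline = OTBaseline()
    baseline.learn(BASELINE_FLOWS)
    return baseline.detect(LIVE_FLOWS)


if __name__ == "__main__":
    for kind, detail in run_demo():
        print(f"{kind}: {detail}")
```

In a real deployment the flow records would come from a SPAN port or network tap rather than a list, and the learning window would need to be long enough to cover maintenance and shift-change traffic, otherwise legitimate but infrequent activity shows up as a stream of false positives. The point the example makes is that asset inventory, conversation baselining and protocol-aware write detection come from the same passive data, so one monitoring pipeline yields both the visibility and the anomaly detection the text calls for.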
Furthermore, the use of a centralized management system can provide visibility across regional or multinational facilities – reducing support costs for remote sites and improving efficiencies. Every facility should be aligned and provide collective monitoring across the organization so decisions can be made in context with the most accurate, current information.
The convergence of IT and OT brings big business benefits but also introduces risks that both IT and ICS personnel are often unaware of and unprepared to manage. OT has traditionally lagged behind IT in terms of visibility; today, however, companies need as much visibility into OT as they expect in IT, because you can’t protect what you can’t see. Additionally, because of the interconnectivity, attackers now have the ability to move laterally throughout your network, making it imperative that you have a unified view of both your IT and OT networks to understand your attack surface.
Organizations should consider reorganizing all IT and OT resources onto the same team to support balanced decisions and actions, and to cross-pollinate skills. Successful collaboration between the two groups may require more cultural comprehension than technical learning, and the former is arguably harder to achieve.
Cyberattacks will continue to target industrial networks, such as power and distribution systems, oil and gas systems, manufacturing facilities and others. So, we recommend that industrial companies look for proven technologies that leverage artificial intelligence and machine learning to detect network and process anomalies and to mitigate possible attacks. Additionally, these technologies should facilitate integration between IT and OT security infrastructure and align IT and OT teams to collaborate on the same end goals.
Many organizations have not yet fully adapted to their changing technological realities, either in mindset or in toolset. With today’s technological advances, however, OT monitoring tools are available that are well suited to both performance monitoring and cybersecurity. Shoring up your security defenses to protect against today’s threats may seem like an overwhelming task, but by focusing on priority areas like network visibility, anomaly detection and IT/OT convergence strategies, you’ll be taking the first steps towards a safer and more efficient industrial control network.
About the Author
As co-founder and chief product officer of Nozomi Networks, Andrea Carcano is helping build a new generation of ICS Security products. Andrea is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on the subject. His passion for cybersecurity and solving the unique challenges around ICS became the focus of his PhD in Computer Science from the Università degli Studi dell'Insubria. Carcano worked on the European Commission Power Plant Security Program, was a Senior Security Engineer for global oil and gas supermajor Eni, and most recently (through his work at Nozomi Networks) developed software that detects intrusions to critical infrastructure control systems.