A new year has arrived, and with it comes the opportunity to make all kinds of transformations to help your business. No matter how you navigated the dangerous threat landscape during the past years, it’s time for all of us in operational technology (OT) security to make firm decisions to do or not do something for the safety of our business and environment.
This year, we will see more breaches where bad actors target OT due to the rise of the Internet of Things (IoT) devices being deployed in industrial environments and critical infrastructures.
That’s because many OT networks were either designed without any security or without adequate protections in place. Plus, the overall attack surface is getting broader each day as organizations continue to converge their IT and OT environments.
I spend a lot of time on factory floors and in Security Operation Centers (SOCs), and you’d be surprised how many shared challenges these practitioners have in common. Here is what they should focus on in 2019:
Understand Operational Technology Security Risks Are Business Risks
Understand and communicate risks.
OT security risks can damage an organization’s reputation and can cause significant operational problems, such as production downtime, compliance penalties, and environmental safety issues.
Business-level oversight and executive leadership can help to establish a culture of collaboration between IT and OT for the common good of the business. Improving an organization’s security posture depends on how effectively both sides can work with each other to improve mutual understanding and increase reliability and security of critical infrastructure.
Monitor User Activities
It’s important to detect both successful and unsuccessful authentication attempts to the Industrial Control System (ICS) network from users or systems in the corporate IT network. If an attacker gains access to your network through a compromised system, they will attempt to cross over to the ICS network to target the critical infrastructure.
By monitoring both successful and unsuccessful login attempts, you can identify anomalies, taking things such as time of day, frequency and other suspicious behaviors into account.
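The sketch below is an added example, not part of the original article. It runs the checks described above over a constructed log of authentication events and flags failed-login bursts, a success that follows a burst, and successes outside working hours. The subnets, log format, and thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed address plan and thresholds (not from the article); tune per site.
IT_NET = ipaddress.ip_network("10.20.0.0/16")
ICS_NET = ipaddress.ip_network("192.168.50.0/24")
WORK_HOURS = range(6, 20)  # 06:00-19:59 counts as normal working time
FAIL_LIMIT, WINDOW = 5, timedelta(minutes=10)
# Constructed sample log: timestamp, source, destination, user, result.
SAMPLE_LOG = """\
2019-01-14T09:02:11 10.20.4.17 192.168.50.10 jsmith SUCCESS
2019-01-15T02:41:03 10.20.9.88 192.168.50.10 vendor1 SUCCESS
2019-01-15T13:00:01 10.20.7.5 192.168.50.21 operator FAILURE
2019-01-15T13:00:09 10.20.7.5 192.168.50.21 operator FAILURE
2019-01-15T13:00:15 10.20.7.5 192.168.50.21 admin FAILURE
2019-01-15T13:00:22 10.20.7.5 192.168.50.21 admin FAILURE
2019-01-15T13:00:30 10.20.7.5 192.168.50.21 admin FAILURE
2019-01-15T13:01:02 10.20.7.5 192.168.50.21 admin SUCCESS
2019-01-15T13:05:00 172.16.1.9 192.168.50.21 admin FAILURE
"""

def parse(log):
    """Yield (time, src, user, ok) for logins that cross from IT into ICS."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # ignore malformed lines
        ts, src, dst, user, result = parts
        if ipaddress.ip_address(src) in IT_NET and ipaddress.ip_address(dst) in ICS_NET:
            yield datetime.fromisoformat(ts), src, user, result == "SUCCESS"

def detect(log):
    """Return alerts as (rule, time, src, user), in time order."""
    alerts, recent_fails = [], defaultdict(deque)  # src -> recent failure times
    for ts, src, user, ok in sorted(parse(log)):
        fails = recent_fails[src]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()  # drop failures older than the window
        if not ok:
            fails.append(ts)
            if len(fails) == FAIL_LIMIT:
                alerts.append(("failed-login-burst", ts, src, user))
            continue
        if len(fails) >= FAIL_LIMIT:
            alerts.append(("success-after-burst", ts, src, user))
        if ts.hour not in WORK_HOURS:
            alerts.append(("off-hours-success", ts, src, user))
    return alerts
```

The success that follows the burst is the event to triage first, since it may mean a guessed or reused credential now works on an ICS host.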
It’s also important to monitor remote connections from users, vendors, or system integrators. Anyone using Remote Desktop Protocol (RDP) has access to all the capabilities a device allows. Likewise, VPNs provide remote access to ICS networks. If remote access capabilities are not adequately monitored and controlled, unauthorized users can gain access to a system or the entire ICS network.
Lastly, look for credentials stored in logs and configuration files. Leaving passwords and other credentials unprotected means giving hackers complete control of your systems and allowing them to move through the interconnected networks and expose more systems to the attack. To protect against this, files should either be modified to store credentials securely or, when that is not possible, access to them should be restricted (least privilege) and/or monitored.
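As an added example (not from the original article), this scanner finds plaintext credentials in a log or configuration file and reports whether the file is readable beyond its owner, which is the least-privilege check mentioned above. The key names in the pattern and the sample file content are assumptions, and values are reported by length only so the scan output does not itself leak secrets.

```python
import os
import re
import stat

# Assumed key names; extend for the products in your environment.
PATTERN = re.compile(
    r"(?i)(\w*(?:password|passwd|pwd|secret|api[_-]?key|token)\w*)\s*[=:]\s*(\S+)")

# Constructed sample: a config fragment followed by one application log line.
SAMPLE_CONFIG = """\
# constructed historian config
host = 192.168.50.30
db_user = historian
db_password = Winter2019!
api_key: ${VAULT_API_KEY}
2019-01-15 13:01:02 login user=admin pwd=Summer19 result=ok
"""

def scan_text(text):
    """Return (line_no, key, value_length) for each plaintext credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in PATTERN.finditer(line):
            key, value = match.groups()
            if value.startswith("${"):
                continue  # a reference to a secret store, not a stored secret
            findings.append((line_no, key, len(value)))
    return findings

def scan_file(path):
    """Scan one file and report whether group/other users can read its secrets."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = scan_text(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(findings) and bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return {"findings": findings, "mode": oct(mode), "exposed": exposed}
```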
Check for Changes in Firewalls, Routers, and Switches
Properly configured firewalls can be used to protect control systems from unauthorized access, but rule sets need to be monitored and reviewed to provide continuous, adequate protection. Protecting control systems from unwanted access and possible attacks requires real-time monitoring of firewalls to rapidly detect and initiate a response to cyber incidents.
Network devices such as routers and switches on the ICS network should not be overlooked. These devices serve as the first line of defense because they permit or deny communications between the ICS network and the corporate network.
With proper and accurate logs from routers and switches, unwanted network access can be detected quickly in order to mitigate a security incident.
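One way to review rule-set changes, shown as an added example that is not part of the original article: compare the running rule set against an approved baseline and single out the changes that widen access to the ICS network. The simplified "action proto src dst port" rule syntax, the subnets, and both rule sets are constructed assumptions; real exports need a vendor-specific parser.

```python
import ipaddress

# Assumed zones (not from the article).
IT_NET = ipaddress.ip_network("10.20.0.0/16")
ICS_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed rule sets in a simplified "action proto src dst port" syntax.
BASELINE = """\
permit tcp 10.20.4.17/32 192.168.50.10/32 443
deny ip any 192.168.50.0/24 any
"""
CURRENT = """\
permit tcp 10.20.4.17/32 192.168.50.10/32 443   # engineering workstation
permit tcp 10.20.0.0/16 192.168.50.0/24 3389
deny ip any 192.168.50.0/24 any
"""

def normalize(text):
    """Drop comments and blank lines and collapse whitespace, so cosmetic edits do not alert."""
    rules = (" ".join(line.split("#")[0].split()).lower() for line in text.splitlines())
    return [rule for rule in rules if rule]

def net(token):
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def risky(rule, added):
    action, _proto, src, dst, _port = rule.split()
    to_ics = net(dst).overlaps(ICS_NET)
    if added:  # a new permit that lets corporate IT sources reach ICS
        return action == "permit" and to_ics and net(src).overlaps(IT_NET)
    return action == "deny" and to_ics  # a removed deny that shielded ICS

def review(baseline, current):
    """Return added/removed rules, an order-change flag, and the high-risk subset."""
    old, new = normalize(baseline), normalize(current)
    added = [r for r in new if r not in old]
    removed = [r for r in old if r not in new]
    return {
        "added": added,
        "removed": removed,
        "reordered": not added and not removed and old != new,
        "high_risk": [r for r in added if risky(r, True)]
                     + [r for r in removed if risky(r, False)],
    }
```

Rule order is checked separately because moving a permit above a deny changes what the firewall enforces even when no rule text changes.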
Look at new devices to understand their role and impact on the entire environment. Having visibility into each device or piece of equipment in your environment will help you understand if a system is infected with malware and using the network to propagate from system to system.
Flag Insecure Protocols Used for Exchanging Critical Information
Protocols such as Telnet, HTTP, FTP or Windows File Sharing are not secure by default, meaning they don’t protect corporate data and can have damaging business consequences that are difficult and expensive to amend. For example, content often lives on FTP servers for years, making it relatively easy for unauthorized individuals to access sensitive information undetected.
Consider Adopting Machine Learning
There’s a growing concern among security professionals that bad actors could use machine learning technologies to cause unprecedented security challenges.
Given the growing amount of data, an increase in the number of cyber threats and the rapid pace of technological change, security analysts could benefit from using machine learning to work through the overwhelming amount of data they need to sort through.
The future of cybersecurity will require human and machine collaboration – fusing proper human judgment with machine learning capabilities.
With the new year underway, it’s time for CISOs to see their security resolutions through from the factory floor, SOCs and across the entire enterprise.
By Seema Haji on January 30, 2019
I’ve also found that if you just Google “what is IoT?”, many of the answers are unnecessarily technical. Case in point:
“The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.”
– An unnecessarily technical explanation of IoT
If you just read that and thought, “ok…so what?”, you’re not alone.
Most people neither want nor need to dive into the nitty-gritty of IoT.
Before we jump in, note that “The Internet of Things” and “IoT” can and will be used interchangeably. And a quick tip: avoid saying “the IoT”.
The Internet of Things (IoT) Explained
Simply and Non-Technically
How are you reading this post? It might be on a PC, a mobile phone, or maybe a tablet. Whatever the device, it’s connected to the internet.
The internet provides many benefits. If you are old enough, think of your cellphone before it was a smartphone: you could make a call and text, but these days you can also read books, watch TV and movies, and listen to any music you want. It is all just there, available to you at the touch of a button.
So connecting your devices to the internet yields many benefits and we have seen these benefits whilst using our smartphones, laptops, and tablets, but it is true for everything else as well.
The Internet of Things is a very simple concept: it means taking all the things in the world and connecting them to the internet.
The confusion arises not because the phrase has a narrow definition, but because it is so widespread and has a non-specific definition.
So we can struggle with its definition, as there are just so many possibilities and examples of the Internet of Things.
To help clarify, I think it’s important to understand the benefits of connecting things to the internet. Why would we even want to connect everything to the internet?
Why Does IoT Matter?
When something is connected to the internet, it can send or receive information. This ability to send and/or receive information is what makes things smart.
Let’s use smartphones again as an example. Right now you can listen to just about any song in the world, but it’s not because your phone actually has every song in the world stored on it. It’s because every song in the world is stored somewhere else, but your phone can send information (asking for that song) and then receive information (streaming that song on your phone).
To be smart, a thing doesn’t need to have super storage or a supercomputer inside of it. All a thing has to do is connect to super storage or to a supercomputer. Being connected is awesome.
In the Internet of Things, all the things that are being connected to the internet can be put into three categories:
- Things that collect information and then send it.
- Things that receive information and then act on it.
- Things that do both.
And all three of these have enormous benefits that feed on each other.
Collecting and Sending Information
This means sensors. Sensors could be temperature sensors, motion sensors, moisture sensors, air quality sensors, light sensors, you name it. These sensors, along with a connection, allow us to automatically collect information from the environment which, in turn, allows us to make more intelligent decisions.
On the farm, automatically getting information about soil moisture can tell farmers exactly when their crops need to be watered. Instead of watering too much (which can be an expensive over-use of irrigation systems and environmentally wasteful) or watering too little (which can be an expensive loss of crops), the farmer can ensure that crops get exactly the right amount of water. More money for farmers and more food for the world!
Just as our sight, hearing, smell, touch, and taste allow us, humans, to make sense of the world, sensors allow machines to make sense of the world.
Receiving and Acting on Information
We’re all very familiar with machines getting information and then acting. Your printer receives a document and it prints it. Your car receives a signal from your car keys and the doors open. The examples are endless.
Whether it’s as simple as sending the command “turn on” or as complex as sending a 3D model to a 3D printer, we know that we can tell machines what to do from far away. So what?
The real power of the Internet of Things arises when things can do both of the above. Things that collect information and send it, but also receive information and act on it.
Let’s quickly go back to the farming example. The sensors can collect information about the soil moisture to tell the farmer how much to water the crops, but you don’t actually need the farmer. Instead, the irrigation system can automatically turn on as needed, based on how much moisture is in the soil.
You can take it a step further too. If the irrigation system receives information about the weather from its internet connection, it can also know when it’s going to rain and decide not to water the crops today because they’ll be watered by the rain anyway.
And it doesn’t stop there! All this information about the soil moisture, how much the irrigation system is watering the crops, and how well the crops actually grow can be collected and sent to supercomputers that run amazing algorithms that can make sense of all this information.
And that’s just one kind of sensor. Add in other sensors like light, air quality, and temperature, and these algorithms can learn much much more. With dozens, hundreds, thousands of farms all collecting this information, these algorithms can create incredible insights into how to make crops grow the best, helping to feed the world’s growing population.