Evolution, Not Revolution
Over the last 10 years there has been increasing awareness across all industrial sectors that cyber criminals are looking for additional victims. Companies have worked with their IT groups and their OEM vendors to implement basic security controls such as perimeter firewalls, anti-virus and systems patching. But is this enough? The answer is typically no: as threats evolve, you need to do more.
Given this mounting sophistication and the kind of industries that rely on such networks, OT targets are of continually rising interest to cybercriminals. In a survey of 3,500 security experts, more than 75% relayed that they “believe their OT security risk level is high or severe for the company’s overall risk profile,” according to Security Week.
In fact, Gartner analysts estimate that only 5% of the market is at the mature stage of their OT security program.
Minimizing Risk with Defense in Depth
So, with the complexity of today’s cybersecurity landscape, including both IT and OT concerns, how do we go about implementing solutions? A leading answer to this question comes in the form of defense in depth. As Matthew Warner, CTO and co-founder at Blumira, explains, “Focusing on defense-in-depth and detection of threats, consistent with ransomware playbooks at each layer from on-premises to cloud, will help significantly reduce ransomware risk.”
In addition to critical elements like visibility, which allows you to see and understand where vulnerabilities may exist, defense in depth is a strategy that ensures that you have layers of security put in place to shield those vulnerabilities at every level. Therefore, if one guard is broken down, there are others still standing. While each tool used may have its own purpose, the overall goal is to have a suite of measures that act in tandem with each other.
In an article for CSO, Josh Fruhlinger points out that it is helpful to understand this approach in three categories – administrative controls, physical controls and technical controls. The administrative focus makes sure that the whole organization is on board with the plan to secure operations. Physical controls “prevent attackers from gaining real-world access to your data and computer systems,” as written by Fruhlinger. Meanwhile, technical controls build barriers around the hardware and software.
By applying this data- and defense-driven cybersecurity tactic, organizations are better prepared to take on a well-rounded, relevant and aligned course of action for cybersecurity.
Least Invasive Approaches For OT
If you have the basic controls in place and you conduct a cyber assessment or gap analysis, the assessment frequently recommends that you develop a network segmentation strategy to reduce your attack surface as a place to start. Often referred to as the “Purdue” model framework, it provides physical separation of the layers in your network. This requires re-architecting the network and frequently updating some hardware, either the switch gear or additional firewalls deployed between segments.
Network Intrusion Detection (IDS) has also become increasingly popular over the last several years. The biggest benefit of this technology is that it gives the security team (typically connected to IT) visibility into what the actual assets in the OT world are. Most of these systems also provide a level of deep packet inspection and a library of threat indicators that will trigger an alert if a threat is detected.
Software Defined Networking (SDN) is a more modern approach to hardening the attack surface. By creating policies that define which devices can communicate with each other, and over which protocol, it reduces the risk of an adversary manipulating and taking control of your network.
The list continues with vulnerability management/patching, endpoint whitelisting, endpoint monitoring, data encryption and configuration change management as further strategies to enhance your defense in depth program.
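The segmentation and SDN policy ideas above (Purdue-level separation, and an explicit allowlist of which zones may talk over which protocol) can be checked mechanically. The following is an added example, not code from the original article or any product it mentions: it models Purdue zones as address ranges, keeps a small cross-zone allowlist, and reports every observed flow that matches no rule, the kind of alert an OT IDS would raise. The zone subnets, allow rules and flow records are all constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed zone map keyed by Purdue level (hypothetical addressing).
ZONES = {
    "L1_control": ip_network("10.10.1.0/24"),      # PLCs, RTUs
    "L2_supervisory": ip_network("10.10.2.0/24"),  # HMIs, engineering workstations
    "L3_operations": ip_network("10.10.3.0/24"),   # historians, site servers
    "L4_enterprise": ip_network("10.20.0.0/16"),   # IT network
}

# Allowlist of (source zone, destination zone, protocol/port). Anything
# crossing a zone boundary that is not listed here is a policy violation.
ALLOW = {
    ("L2_supervisory", "L1_control", "modbus/502"),
    ("L3_operations", "L2_supervisory", "opcua/4840"),
    ("L4_enterprise", "L3_operations", "https/443"),
}

Flow = namedtuple("Flow", "src dst proto")

def zone_of(addr: str) -> str:
    """Map an address to its Purdue zone, or 'unknown' if unmapped."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def evaluate(flows):
    """Return a list of (flow, reason) for flows that violate the policy."""
    alerts = []
    for f in flows:
        s, d = zone_of(f.src), zone_of(f.dst)
        if s == d:
            continue  # intra-zone traffic is outside this cross-zone policy
        if (s, d, f.proto) not in ALLOW:
            alerts.append((f, f"{s}->{d} over {f.proto} not in allowlist"))
    return alerts

SAMPLE_FLOWS = [  # constructed flow records
    Flow("10.10.2.15", "10.10.1.7", "modbus/502"),   # HMI polls PLC: allowed
    Flow("10.20.5.40", "10.10.1.7", "modbus/502"),   # IT host to PLC: alert
    Flow("10.10.3.2", "10.10.2.15", "opcua/4840"),   # historian to HMI: allowed
    Flow("10.10.1.7", "10.20.5.40", "https/443"),    # PLC to IT network: alert
    Flow("10.10.1.7", "10.10.1.8", "modbus/502"),    # PLC to PLC, same zone: ignored
]

if __name__ == "__main__":
    for flow, reason in evaluate(SAMPLE_FLOWS):
        print(f"ALERT {flow.src} -> {flow.dst}: {reason}")
```

Running it prints two alerts, both for traffic between the enterprise (L4) zone and the control (L1) zone that the allowlist never permitted.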
Sources:
- https://www.automationworld.com/cybersecurity/article/22159173/securing-controls-with-defense-in-depth
- “Weekly Ransomware Attacks Taking a Toll on Security Pros” – Nathan Eddy, Security Boulevard, https://securityboulevard.com/2022/08/weekly-ransomware-attacks-taking-a-toll-on-security-pros/
- “The Industrial Cyber-Attack Evolution: How to Keep Your Network Safe” – Daniel dos Santos, Info Security, https://www.infosecurity-magazine.com/blogs/industrial-cyber-attack-network/
- “Two Big OT Security Concerns Related to People: Human Error and Staff Shortages” – Eduard Kovacs, Security Week, https://www.securityweek.com/two-big-ot-security-concerns-related-people-human-error-and-staff-shortages
- “Defense in depth explained: Layering tools and processes for better security” – Josh Fruhlinger, CSO, https://www.csoonline.com/article/3667476/defense-in-depth-explained-layering-tools-and-processes-for-better-security.html
- “3 steps to conquer cyber-attacks through a data-driven defence” – Roger A. Grimes, World Economic Forum, https://www.weforum.org/agenda/2022/08/cybersecurity-data-driven-defense/
Learn about the ultimate solution to protect infrastructure networks, Net-Optix.