The security challenge of OT/IT convergence
Today, many industrial organisations rely heavily on operational technology (OT) environments to produce goods and deliver services. Unlike traditional IT operations that rely on servers, routers, PCs and switches, OT is defined as hardware and software designed to detect or cause a change through the direct monitoring and/or control of industrial equipment, assets, processes and events.
OT devices are proliferating and include programmable logic controllers (PLCs), distributed control systems (DCSes) and human machine interfaces (HMIs). Working in unison, they are designed to ensure the smooth running of factories, plants and workshops. However, many OT devices are vulnerable to cyber attacks, which could result in costly disruptions and inconvenient downtime.
This is the word from Deon Smal, CEO of Cyber Insight, a leading cyber security consulting and advisory firm. He says although OT devices have been around for some time, current iterations feature major upgrades, keeping pace with rapidly evolving OT infrastructures.
“It is increasingly evident that manufacturing systems controlling physical events and processes are converging with back-end hardware and software for conveying and processing information,” he says.
“This is possible because of advances in machine-to-machine communication and the introduction of sophisticated IoT sensors and actuators that can be fitted to physical equipment. OT and IT are thus becoming analogous.”
Smal notes this convergence is in line with the adoption of Industry 4.0 technology, which represents the latest stage in the organisation and control of the industrial value chain and will see many thousands of devices connected via the industrial internet of things (IIoT).
While these initiatives are geared to deliver substantial efficiencies and cost savings, they are not without risk, he warns. “Without proper OT security, you can introduce new attack surfaces and vectors and you could jeopardise the security of both your OT infrastructure and IT operations.”
Against this backdrop, Cyber Insight, in partnership with Maxtec, a leading South African technology distributor, has released a series of comprehensive security tools aimed at IT managers and production plant executives designed to provide the highest levels of visibility into converged IT/OT operations.
This “cyber security toolkit”, now available from Cyber Insight and backed by the company’s expertise and resources, will assist users to build secure cyber defences, giving them the ability to gain deep situational awareness across all sites – large and small – including their respective OT assets, from Windows servers to PLC backplanes, via a single interface.
“Cyber Insight’s security toolkit provides visibility into converged attack surfaces while measuring and controlling cyber risk across OT and IT systems. This helps protect against increasingly advanced cyber threats posed by new-generation hackers as well as maliciously minded, tech-savvy insiders,” explains Smal, who stresses that the way OT and IT systems are integrated is critical, as missteps can be catastrophic from a security standpoint.
Key features of Cyber Insight’s security toolkit include a “multi-detection instrument” capable of being tuned to suit each unique environment. It identifies high-risk events and behaviours that can impact OT operations while activating predefined policies – or creating custom policies – that block or list specific activities that may point to cyber threats or even genuine operational mistakes.
“Policies can also trigger active checks for predefined situations. This reveals risky events that don’t rise above the statistical noise, such as malware, reconnaissance activity and querying device firmware from a human machine interface,” says Smal.
The toolkit addresses behavioural anomalies by detecting deviations from regular network traffic based on pattern baselines, which include a mixture of time ranges, protocols and devices, allowing detection of suspicious activity indicative of malware or rogue devices.
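To make the baseline idea concrete, the following is an added illustration (not Cyber Insight's or Maxtec's code) of how a detector can learn which devices talk to which, over which protocol and in which hours, then flag flows that deviate. The IP addresses, protocol names and flow records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample baseline flows: (src, dst, protocol, hour_of_day).
# An HMI polls a PLC over Modbus during the day shift; an engineering
# workstation talks S7comm to the same PLC during office hours.
BASELINE_FLOWS = [
    ("10.0.1.20", "10.0.1.10", "modbus", h) for h in range(6, 19)
] + [
    ("10.0.1.30", "10.0.1.10", "s7comm", h) for h in range(8, 17)
]

# Constructed observed flows to classify against that baseline.
OBSERVED_FLOWS = [
    ("10.0.1.20", "10.0.1.10", "modbus", 10),  # normal HMI -> PLC poll
    ("10.0.1.99", "10.0.1.10", "modbus", 10),  # device never seen before
    ("10.0.1.20", "10.0.1.10", "modbus", 3),   # known pair, off-hours
    ("10.0.1.30", "10.0.1.10", "http", 9),     # new protocol on a known pair
    ("10.0.1.20", "10.0.1.30", "s7comm", 9),   # known devices, unseen pairing
]


def build_baseline(flows):
    """Learn known devices, the protocols each pair uses, and each pair's active hours."""
    devices, protocols, hours = set(), defaultdict(set), defaultdict(set)
    for src, dst, proto, hour in flows:
        devices.update((src, dst))
        protocols[(src, dst)].add(proto)
        hours[(src, dst)].add(hour)
    return {"devices": devices, "protocols": protocols, "hours": hours}


def classify(baseline, flow):
    """Return a reason string if the flow deviates from the baseline, else None."""
    src, dst, proto, hour = flow
    if src not in baseline["devices"] or dst not in baseline["devices"]:
        return "unknown device"
    if (src, dst) not in baseline["protocols"]:
        return "unseen device pair"
    if proto not in baseline["protocols"][(src, dst)]:
        return "unseen protocol for pair"
    if hour not in baseline["hours"][(src, dst)]:
        return "outside baseline time range"
    return None


def detect_anomalies(baseline, flows):
    """Return [(flow, reason)] for every flow that deviates from the baseline."""
    findings = []
    for flow in flows:
        reason = classify(baseline, flow)
        if reason is not None:
            findings.append((flow, reason))
    return findings
```

A real deployment would learn the baseline over a long enough window to cover shift changes and maintenance cycles, and treat a single deviation as a lead to investigate rather than proof of compromise.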
An additional feature of the toolkit is its adaptive assessment function. According to Smal, around 30% of the devices in an OT environment do not communicate over the corporate network.
“The solution offered by Cyber Insight goes beyond network detection by performing device checks in the device’s native language. Fully configurable and customisable to each unique environment’s requirements, active testing facilitates deep insights and situational awareness into an infrastructure without impacting operations,” he says, confirming that this approach gathers far more information than network monitoring alone.
Focusing on the enterprise, Smal says the Cyber Insight toolkit expedites configuration control, effectively managing all assets, including hardware and software associated with every employee. “A full history is provided; for example, device configuration changes over time, granularity of specific ladder logic segments, diagnostic buffers, tag tables and more.
“This also enables network administrators to establish a backup snapshot allowing for faster recovery as well as compliance with industry norms and regulations.”
Smal adds that different roles within an organisation should have different levels of access to resources. “Cyber Insight’s toolkit helps ensure that the right access levels are maintained for each employee and every role within the organisation so that only authorised personnel have the access they require – particularly to cloud services – and do not have extended privileges to sensitive areas.
“This also applies to situations involving employees leaving an organisation and how their exits are controlled and managed.”
As part of its launch initiative, Cyber Insight is offering a free tutorial with guidelines on how the human resources (HR) and IT departments could best collaborate and merge their objectives as their organisations move to maximise visibility, security and control across all corporate infrastructures.