OT Cyber Security, why talk about it now?

 

In these days of forced confinement, several customers are calling us for advice on how to better manage plants and machinery remotely: how to make them securely accessible to maintenance technicians and operators who want to limit on-site interventions to what is strictly necessary.

A safe and efficient method of connecting plant and machinery?


With other customers, we find ourselves addressing the issue of "OT security" only today: a topic often postponed because they were caught up in day-to-day work and other priorities. Some of them are already well advanced, having started some time ago on the security of the factory/plant network infrastructure and of remote connections.

The question is often this:

“I know you have told me many times about this in the past, but now tell me: to secure my plant, what should we do to best protect our factory systems?”


We know that there are no recipes or magic potions for OT Security that are valid in every context, but this question forced us to think quickly, and here is a short list of what we would propose today:

1) Who to contact, and how to find someone who understands it?

Let's start by looking for a cyber security expert (so far it's easy, there are a lot of them: everyone knows everything about ICT Security; whether they are actually any good remains to be checked). And they should at least know something about Industrial Automation (here it gets a little more difficult: everyone knows everything about ICT Security, but about OT too?).

If, finally, you find a "true expert" of OT/ICS Cyber Security, you are in a good position! (Unfortunately there are not many on the market…)

2) Once you have found your "real OT/ICS Cyber Security expert", let him take a "picture" of your system: commission an "OT/ICS security/vulnerability assessment" from him (it can also be done remotely).

Please pay attention to the following:


a) do not ask him to do it for free (allocate a “reasonable” budget);

b) make sure that methodologies and tools suitable for the industrial world are used: the risk is a stoppage of the control system and probably of the plant as well (and a "true expert" of OT/ICS Security should know this);

c) identify and delimit the perimeter/scope of the assessment, to prevent it from spreading to the corporate network as well (but if you have a single "flat network", with no segmentation, then you have one more problem…). This, too, is something a "true expert" of OT/ICS Security surely knows!

3) Finally, with the assessment report in hand and a clear picture of how the plant and the control system network are built, let's start thinking about what to do: which assets need protecting, which are the most important and most critical, and what we can afford to "sacrifice" in the event of an incident without causing damage to people, plants and the environment.


Ultimately: what are the risks, not only for IT but above all for the process controlled by the control system?

4) Once the critical points have been identified, we find a way to protect them adequately. If the problem is related to the FT/HA (Fault Tolerance/High Availability) of the system, we think about making redundant those system components that could represent weaknesses. We identify single points of failure and use tools to make them HA or FT.

A couple of solutions (one SOFTWARE and one HARDWARE) to bring the availability of your systems above 99.99% UPTIME:

5) If we have to protect against unauthorized access, intrusions, malware, uncontrolled connections over industrial protocols, and similar threats, we adopt devices specifically designed for these purposes (appliance solutions not specific to OT may not be adequate!). Above all, keep in mind that IT firewalls, configured only with IT rules, may not be adequate!
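To illustrate why a port-only IT rule can fall short for industrial protocols, here is an added example (not from the original post) that compares a port-based rule with a protocol-aware one. It assumes Modbus/TCP as the industrial protocol, which the post does not name, and a hypothetical policy that a remote station may only read values; the frames are constructed samples.

```python
import struct

MODBUS_PORT = 502
# Hypothetical policy: this remote station may only read values.
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}  # read coils, discrete inputs, holding and input registers


def build_request(transaction_id, unit_id, function_code, data):
    """Build a Modbus/TCP frame: 7-byte MBAP header followed by the PDU."""
    pdu = bytes([function_code]) + data
    # MBAP: transaction id, protocol id (always 0), length (unit id + PDU), unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def it_rule_allows(dst_port, payload):
    """Port-only rule, as a firewall configured with IT rules would apply it."""
    return dst_port == MODBUS_PORT


def ot_rule_allows(dst_port, payload):
    """Protocol-aware rule: well-formed Modbus/TCP and a read-only function code."""
    if dst_port != MODBUS_PORT or len(payload) < 8:
        return False
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0 or length != len(payload) - 6:
        return False  # not Modbus, or the declared length does not match the frame
    return payload[7] in READ_ONLY_FUNCTIONS


# Constructed sample traffic (not captured from a real plant).
SAMPLES = {
    "read holding registers": build_request(1, 1, 3, struct.pack(">HH", 0, 10)),
    "write single register": build_request(2, 1, 6, struct.pack(">HH", 0, 1234)),
    "truncated frame": build_request(3, 1, 3, struct.pack(">HH", 0, 10))[:9],
}


def compare_rules():
    """Return {name: (it_verdict, ot_verdict)} for every sample frame."""
    return {name: (it_rule_allows(MODBUS_PORT, frame), ot_rule_allows(MODBUS_PORT, frame))
            for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, (it_ok, ot_ok) in compare_rules().items():
        print(f"{name:24} IT rule: {'allow' if it_ok else 'drop':5}  OT rule: {'allow' if ot_ok else 'drop'}")
```

The port-only rule passes all three frames, including the register write and the malformed frame; only the protocol-aware rule separates them.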

6) Let's think about business continuity and about resilience for the plant and the system: how best to survive an adverse event and get back up and running quickly. Let's think about how to make and manage backups of PC and server software, but also of PLCs, robots, CNCs, AGVs, etc.!

The question is: do you keep track of changes and, above all, do you do VERSIONING OF PLC, SCADA AND OTHER ICS SYSTEMS?

If not, you should read this too…or at least watch the video below!

7) We monitor the health of the infrastructure, the components, the network, and the connected devices and systems, using systems that identify "anomalous events", so as to be ready with effective countermeasures.

In conclusion, so as not to make this post too long: the tools, methodologies and technologies to do OT/ICS Security are there; you just need to focus on the right ones.


And finally, if you have already asked yourself the question, that is a good starting point!