3 Ways to Secure IT and OT Environments in the Era of Convergence

If you touch any part of operational technology (OT), you are likely well aware of the mounting cyber threats facing critical infrastructure, which inherently runs on OT. OT drives the global economy, from treating the water we drink and making modern medicines to powering the lights in our homes. OT is essential, and cybercriminals are acutely aware of that dependence.

To make matters worse, the attack surface is expanding. We are now in the era of converged IT and OT environments, where previously isolated OT devices are internet-accessible. Today’s adversaries enter OT environments and critical infrastructure from every direction, including by pivoting from the IT network into OT. The recent Activity Alert from the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) warned of increased malicious activity targeting critical infrastructure and urged facilities to take immediate action to secure OT assets. A recent study from Forrester Consulting, commissioned by Tenable, supports this: 65 percent of the U.S. organizations surveyed experienced business-impacting cyberattacks or compromises involving operational technology systems in the past year.

The underlying message is to be prepared. But how?

Listen to Your Network

Cybercriminals move fast, and today’s interconnected devices offer them a number of entry points. Security teams benefit from tooling that actively scans and assesses IT assets while covering OT through real-time, passive monitoring; many legacy controllers tolerate generic port scans poorly, so listening to the traffic they already generate is the safe default on the OT side. Passive monitoring gives holistic visibility into which hosts (computers or devices) are active on the network, when new hosts appear, which ports and services are in use, and which inter-asset connections exist. If a cybercriminal attempts to exploit a vulnerability and launches a network attack, that visibility is what lets teams notice the new host, service or connection and act quickly to remediate.
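One way to build the inventory a passive sensor provides, as an added example that is not part of the original article or any vendor's product: Python code that learns a baseline of hosts, listening services and inter-asset connections from constructed flow records (the kind a SPAN/TAP feed gets summarised into) and reports anything that later deviates from it. Addresses, ports and timestamps are assumptions for illustration.

```python
"""Passive asset inventory and change detection over observed flows.

Added example (not the article's or any vendor's code).  Input is a
list of constructed flow records of the kind a passive sensor on a
SPAN/TAP feed would summarise into connection logs.  A learning window
establishes the baseline of hosts, listening services and inter-asset
connections; anything outside that baseline afterwards is a finding.
Addresses, ports and timestamps below are assumptions for illustration.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport proto")

# Constructed sample: a small cell with an HMI (.10), a PLC (.20) and an
# engineering workstation (.30).
LEARNING = [
    Flow(100, "10.10.1.10", "10.10.1.20", 502, "tcp"),    # HMI -> PLC, Modbus/TCP
    Flow(101, "10.10.1.10", "10.10.1.20", 502, "tcp"),
    Flow(102, "10.10.1.30", "10.10.1.20", 44818, "tcp"),  # EWS -> PLC, EtherNet/IP
    Flow(103, "10.10.1.30", "10.10.1.10", 5900, "tcp"),   # EWS -> HMI, VNC
]
LIVE = [
    Flow(200, "10.10.1.10", "10.10.1.20", 502, "tcp"),    # baseline traffic
    Flow(201, "10.10.1.99", "10.10.1.20", 502, "tcp"),    # unknown host talks Modbus to the PLC
    Flow(202, "10.10.1.30", "10.10.1.20", 502, "tcp"),    # known hosts, connection never seen before
    Flow(203, "10.10.1.10", "10.10.1.20", 102, "tcp"),    # known pair, new service (ISO-TSAP/S7comm port)
]


def build_baseline(flows):
    """Hosts, services (dst, port, proto) and edges (src, dst, port, proto)."""
    hosts, services, edges = set(), set(), set()
    for f in flows:
        hosts.update((f.src, f.dst))
        services.add((f.dst, f.dport, f.proto))
        edges.add((f.src, f.dst, f.dport, f.proto))
    return {"hosts": frozenset(hosts), "services": frozenset(services),
            "edges": frozenset(edges)}


def detect(baseline, flows):
    """Return (ts, kind, detail) findings for flows outside the baseline.

    Each new host and each new service is reported once; every new
    inter-asset connection is reported.  The baseline is not mutated.
    """
    seen_hosts = set(baseline["hosts"])
    seen_services = set(baseline["services"])
    findings = []
    for f in flows:
        edge = (f.src, f.dst, f.dport, f.proto)
        if edge in baseline["edges"]:
            continue
        for host in (f.src, f.dst):
            if host not in seen_hosts:
                seen_hosts.add(host)
                findings.append((f.ts, "new_host", host))
        service = (f.dst, f.dport, f.proto)
        if service not in seen_services:
            seen_services.add(service)
            findings.append((f.ts, "new_service", f"{f.dst}:{f.dport}/{f.proto}"))
        findings.append((f.ts, "new_connection",
                         f"{f.src}->{f.dst}:{f.dport}/{f.proto}"))
    return findings


def run_example():
    """Learn from LEARNING, then report what is new in LIVE."""
    return detect(build_baseline(LEARNING), LIVE)


if __name__ == "__main__":
    for ts, kind, detail in run_example():
        print(f"t={ts} {kind:15s} {detail}")
```

The three finding kinds map onto the visibility the paragraph lists: a new host (10.10.1.99), a new service on a known host (port 102 on the PLC), and new connections between known hosts. In practice the learning window must itself be reviewed before it becomes the baseline, or a compromise already under way is baked in as "normal".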

Maintain Device-Level Visibility

Active querying complements passive monitoring: instead of waiting for a device to talk, the tool speaks to each controller in its native protocol and asks it directly for its identity, firmware version and configuration. Done this way (deliberate, rate-limited native-protocol requests rather than generic port scans, which some legacy controllers tolerate poorly), it delivers timely, device-level data on assets, vulnerabilities and security risks, including firmware and configuration changes that traffic analysis alone will not reveal. The stakes are concrete: a successful attack on control devices could cause imperfect or dangerous medicines to be made in a pharmaceutical production facility, or allow a faulty vehicle to leave the assembly line. Maintaining device-level visibility, so that vulnerabilities can be remediated and changes monitored for anomalies, can stop a cybercriminal in his or her tracks before operations are affected.
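To make the device-level query concrete, an added example (not the article's or any vendor's code) in Python: it frames a Modbus/TCP Read Device Identification request (function code 43, MEI type 14), parses the response, and compares the firmware revision the controller reports with the one recorded in the asset baseline. The response bytes and the vendor/product strings are constructed for the example; no device is contacted.

```python
"""Active device-level query: Modbus/TCP Read Device Identification
(function code 43, MEI type 14), which returns a controller's vendor,
product code and firmware revision.

Added example, not the article's or any vendor's code.  It builds the
request frame, parses a response, and compares the reported revision
with the value recorded in the asset baseline.  No device is contacted:
the response bytes are constructed inline to stand in for what a PLC
would return, and the vendor/product strings are invented.
"""
import struct

MBAP_LEN = 7               # transaction id, protocol id, length, unit id
FC_DEVICE_ID = 0x2B        # function 43: Encapsulated Interface Transport
MEI_DEVICE_ID = 0x0E       # MEI type 14: Read Device Identification
BASIC_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


def build_request(unit_id=1, tid=1, read_code=0x01, object_id=0x00):
    """read_code 0x01 = basic identification, starting at object_id."""
    pdu = bytes([FC_DEVICE_ID, MEI_DEVICE_ID, read_code, object_id])
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def build_response(unit_id, tid, objects, read_code=0x01, conformity=0x01):
    """Server side of the exchange; used here only to construct sample data."""
    body = b"".join(bytes([oid, len(val)]) + val for oid, val in objects)
    pdu = bytes([FC_DEVICE_ID, MEI_DEVICE_ID, read_code, conformity,
                 0x00, 0x00, len(objects)]) + body   # more_follows=0, next_obj=0
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def parse_response(frame):
    """Decode one response frame into its identification objects."""
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol id is not Modbus/TCP")
    pdu = frame[MBAP_LEN:MBAP_LEN + length - 1]
    if len(pdu) != length - 1:
        raise ValueError("truncated frame")
    if pdu[0] == FC_DEVICE_ID | 0x80:          # exception response
        raise ValueError(f"Modbus exception code {pdu[2]:#04x}")
    if pdu[0] != FC_DEVICE_ID or pdu[1] != MEI_DEVICE_ID:
        raise ValueError("unexpected function code / MEI type")
    _read_code, _conformity, more_follows, _next_obj, count = pdu[2:7]
    objects, pos = {}, 7
    for _ in range(count):
        oid, olen = pdu[pos], pdu[pos + 1]
        raw = pdu[pos + 2:pos + 2 + olen]
        if len(raw) != olen:
            raise ValueError("object runs past end of frame")
        objects[BASIC_OBJECTS.get(oid, f"object_{oid:#04x}")] = raw.decode("ascii", "replace")
        pos += 2 + olen
    return {"unit": unit, "tid": tid, "more_follows": more_follows == 0xFF,
            "objects": objects}


def check_against_baseline(identity, expected):
    """Findings (key, expected, observed) where the live identity differs."""
    return [(key, expected[key], identity["objects"].get(key))
            for key in expected
            if identity["objects"].get(key) != expected[key]]


# Constructed sample: the baseline recorded V2.13, the device now reports V2.14.
BASELINE = {"VendorName": "Acme Automation", "ProductCode": "PLC-1000",
            "MajorMinorRevision": "V2.13"}
SAMPLE_RESPONSE = build_response(1, 1, [(0x00, b"Acme Automation"),
                                        (0x01, b"PLC-1000"),
                                        (0x02, b"V2.14")])


def run_example():
    identity = parse_response(SAMPLE_RESPONSE)
    return identity, check_against_baseline(identity, BASELINE)


if __name__ == "__main__":
    identity, findings = run_example()
    print(build_request().hex(), identity, findings, sep="\n")
```

Against a real controller the request from `build_request()` goes over TCP port 502 to one unit at a time, ideally from the engineering network during an approved window, and a response with `more_follows` set must be followed up with a second request starting at the returned next object id; the example parses a single frame. An unexpected revision, as in the sample, is exactly the kind of change the paragraph says should be investigated before it affects operations.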

Embrace Risk-Based Vulnerability Management

Instead of spending precious time sorting through low-risk vulnerabilities, security teams should prioritize remediation of the vulnerabilities that pose the most risk to the business. Tools that combine vulnerability data with threat intelligence, predictive analytics and research can rank vulnerabilities by the likelihood of actual exploitation rather than by severity score alone; in OT the ranking should also weigh the asset’s role, since the same flaw matters more on a safety controller than on an isolated test bench. Taking a risk-based approach to vulnerability management streamlines operations and improves security posture.

Just as cybercriminals are ruthless in their attempts to break into networks, organizations operating OT and critical infrastructure should respond in kind and continuously secure every access point. A proactive rather than reactive approach to cybersecurity is essential to keep pace with the threats in today’s converged environments. A combination of passive monitoring, active querying and risk-based vulnerability management helps security teams seal the virtual doors and windows and raise the alarm during potential attacks. With that peace of mind, industrial organizations can focus on what matters most: the critical operations driving the global economy and welfare.

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Originally published at https://gca.isa.org.

The Startup

Medium's largest active publication, followed by +775K people. Follow to join our community.

International Society of Automation - ISA Official

Written by

The International Society of Automation (isa.org) is a non-profit professional association founded in 1945 to create a better world through automation.
