Cybersecurity has never been more challenging for industrial organizations. Recent attacks on critical safety systems have shown that conventional defenses can’t stop sophisticated attackers.
Growing political unrest is increasing the likelihood of more sophisticated attacks against industries that support everyday life, like electric utilities, transportation and manufacturing. The potential risks to safety, operational performance, and information confidentiality demand constant vigilance.
Digital transformation is adding fuel to this firestorm. Deployments of unmanaged IoT devices are expanding attack surfaces. Increased connectivity between IT, OT, Cloud, and third-party systems is creating more ways for attackers to pivot into critical systems. Defending them against these new vulnerabilities is both critical and challenging, as these developments can arise without warning.
Industrial Operators Need Broad and Deep Visibility
Security teams may not be able to completely defend systems against increasingly sophisticated cyberattacks. And, they will continue to have challenges protecting the ever-expanding threat surface created by digital connectivity. But visibility of these threats can help them minimize the security risks. Those who know about new malware and attacks on other organizations can update their security policies and heighten monitoring of at-risk assets and users.
Systemwide awareness of device and communication vulnerabilities can drive security efforts toward the most critical issues. Recognition of changes in assets and connectivity can trigger prompt reviews and responses for new weaknesses that arise in security defenses and policies.
To be effective, visibility must be both broad and deep, covering all assets and connected systems. Visibility must also be comprehensive, providing defenders with the information they need to quickly evaluate risks and implement a proper response. Quick detection of changes is also essential, to give security personnel time to act before attackers can exploit new vulnerabilities.
While security teams have these capabilities for conventional IT systems, they often lack good visibility for OT systems and unmanaged IoT devices. This increases the risks for all connected systems.
Continuous OT Network Monitoring Can Enhance Threat Visibility
Continuous OT network monitoring solutions have become a key tool for security visibility within complex industrial control systems. The visibility value of these products has been proven across a wide range of industrial operations.
Use of passive network traffic monitoring and deep packet inspection of proprietary protocols ensures that basic asset information is collected without violating stringent constraints of real-time, 24×7 control systems. Solutions also quickly detect any changes that occur in system assets and normal network message flows.
Significant enhancements have been made to continuous OT network monitoring technology over the last few years. Advanced solutions, like Nozomi Networks Guardian, include capabilities that greatly extend security visibility across a broad range of IT, OT and IoT devices. This includes devices with traditional and non-traditional operating systems; conventional and proprietary communications; and, varying levels of internal security capabilities.
New network monitoring options also enable cost-effective deployment of monitoring to more assets and deeper control system levels. This include a wide-range of passive sensors with varying capabilities and form-factors, intelligent active polling, and virtual solutions embedded in popular networking appliances.
Improvements have also been made in the delivery of information and integration with other visibility tools. Early solutions provided local, OT-centric command centers with limited contextual support. Modern continuous OT monitoring solutions aggregate information from many systems, provide comprehensive alerts with contextual analysis support, analyze devices for known vulnerabilities, and guide users in addressing at-risk devices.
Published APIs and proven integrations with popular SIEMs and networking products have made it easy to integrate these products with popular IT visibility and SOC applications.
Today’s Risks Demand an Integrated Industrial IT-OT Cybersecurity Strategy
Industrial organizations have traditionally viewed security from a siloed perspective. This was based on the unique challenges of IT and OT systems that demanded different security people, processes, and technologies.
The benefits of managing similar technologies with similar security methods were discounted in the belief that unique domain concerns and constraints take precedence. While domain differences need to be acknowledged, the inefficiencies and ineffectiveness of current approaches can no longer be tolerated. Many OT systems remain at risk of serious incidents. Security inconsistencies between IT and OT systems are enabling cross-domain attacks.
To address these critical issues, organizations need to adopt a more logical, functional view of cybersecurity and recognize that risks are the same regardless of where or how a cyber device is used.
Today, IT and OT systems require the same level of security support from people with specific expertise in PCs, servers, cloud applications, networks, mobile devices, and embedded systems that underlie modern IoT devices. Experts in specific application areas, like OT and cloud, can provide guidance regarding the appropriateness of various defenses and practices. But security management is best left to specialists.
Efficient and effective industrial cybersecurity requires a comprehensive strategy that includes:
- a cross-trained team of cybersecurity professionals
- a common set of security management processes, and
- a shared security technology portfolio that supports cross-domain management of endpoint protection, network security, and threat detection and response.
Visibility of all assets is essential and requires solutions that respect domain constraints.
Implementation of a modern continuous OT network monitoring solution can help organizations meet these requirements and give industrial security teams the broad AND deep information they need to handle today’s and tomorrow’s threats.