Like many other industrial corporations, you have decided to address the challenges of securing your OT network. But where and how should you start?
WannaCry. NotPetya. CrashOverride. Triton. Cyber attacks don’t only target IT networks. Some are even specifically designed to disrupt industrial networks such as the attack on the Ukrainian power grid, or the one on industrial safety systems in the Middle-East.
Implementing cybersecurity best practices in OT networks can be a complex project for 2 reasons:
- The nature of processes controlled by OT systems makes IT security procedures inapplicable. Industrial operations cannot be interrupted. Critical devices cannot be scanned. Outdated hardware and software products are widely used. Attacks often look like legitimate instructions to industrial control systems. Etc.
- OT networks have been unmanaged, from a security and risk perspective, for many years. They are flat, with a mix of OT protocols, unidentified assets, legacy systems and devices with insecure communications. Security teams generally have no visibility into their OT assets, and they don’t know where to start.
Over the last few years, Sentryo has been involved in many OT cybersecurity projects. The most successful ones had similar characteristics:
- They were driven by a transversal team encompassing cybersecurity experts from the IT team and OT process specialists from the production team,
- They ended up defining new security procedures, applying new ways of thinking and sometimes changing the organization so that OT and IT experts could work better together towards common objectives,
- They deployed specific technologies to cope with the constraints of their OT environment and to provide visibility on OT assets and anomalies to traditional IT security platforms.
These key success factors are very well described by Gartner in the IT/OT Security Strategic Roadmap they recently published. Gartner explains the steps to build an integrated IT/OT security policy framework that takes into account the key differences between IT and OT environments regarding cybersecurity.
We strongly encourage CISOs and IT/OT security experts to read this Gartner report as it offers a methodology to drive change and implement integrated IT/OT security that addresses 4 mandatory dimensions:
- Predict: Know your infrastructure and threats. Manage risks.
- Prevent: Enforce security policies and procedures.
- Detect: Continuously monitor OT security for threats and vulnerabilities.
- Respond: Block attacks and restore systems.
As you have decided to secure your OT environment, this Gartner report will help you define objectives and build a plan. Integrating IT and OT security might be a long journey, but it will always start with the same initial step: building a comprehensive asset inventory and assessing your security posture.
Sentryo’s ICS CyberVision is designed to easily build and maintain a precise inventory of all the devices, communication flows and vulnerabilities in your industrial network. It helps you quickly gain visibility on your current posture so you can identify what needs to be done.
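To make the inventory step concrete, the following is an added example, not code from Sentryo, ICS CyberVision or the Gartner report. It builds a device and flow inventory passively from connection records (the kind of metadata a sensor on a SPAN port would extract, so no device is scanned), flags servers speaking OT protocols that carry no authentication, flags OT protocols initiated from outside the OT address range, and reports flows absent from a learned baseline. The port-to-protocol table, the OT address range and the sample flows are all constructed assumptions for illustration.

```python
"""Passive OT asset inventory and posture findings from constructed flow records.

Added example, not Sentryo's or Gartner's code. The flow records stand in for
what a passive network sensor would extract; the protocol table and the OT
address range are assumptions made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed mapping of well-known TCP server ports to industrial protocols.
OT_PROTOCOLS = {
    502: "Modbus/TCP",
    102: "S7comm",
    20000: "DNP3",
    44818: "EtherNet/IP",
    4840: "OPC UA",
}
# Protocols that carry no authentication or encryption by design (assumption
# used to produce "insecure communications" findings).
UNAUTHENTICATED = {"Modbus/TCP", "S7comm", "DNP3", "EtherNet/IP"}

OT_NETWORK = ip_network("10.20.0.0/16")  # constructed OT address range


@dataclass
class Asset:
    ip: str
    roles: set = field(default_factory=set)      # "client" and/or "server"
    protocols: set = field(default_factory=set)  # protocols seen on this host


def classify(dst_port):
    """Name the protocol from the server port; unknown ports keep a tcp/N label."""
    return OT_PROTOCOLS.get(dst_port, f"tcp/{dst_port}")


def build_inventory(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port) observed passively.
    Returns (assets by ip, flow counts keyed by (src, dst, protocol))."""
    assets = {}
    edges = defaultdict(int)
    for src, dst, port in flows:
        proto = classify(port)
        client = assets.setdefault(src, Asset(src))
        client.roles.add("client")
        client.protocols.add(proto)
        server = assets.setdefault(dst, Asset(dst))
        server.roles.add("server")
        server.protocols.add(proto)
        edges[(src, dst, proto)] += 1
    return assets, dict(edges)


def findings(assets, edges):
    """Posture findings: servers on unauthenticated OT protocols, and OT
    protocols initiated by hosts outside the OT address range."""
    out = []
    for ip, asset in sorted(assets.items()):
        insecure = sorted(asset.protocols & UNAUTHENTICATED)
        if insecure and "server" in asset.roles:
            out.append(f"{ip}: serves unauthenticated protocol(s) {', '.join(insecure)}")
    for (src, dst, proto), n in sorted(edges.items()):
        if (proto in OT_PROTOCOLS.values()
                and ip_address(src) not in OT_NETWORK
                and ip_address(dst) in OT_NETWORK):
            out.append(f"{src} -> {dst} {proto}: OT protocol initiated from outside the OT range ({n} flows)")
    return out


def new_flows(baseline_edges, current_edges):
    """Flows present in the current capture but absent from the learned baseline."""
    return sorted(set(current_edges) - set(baseline_edges))


# Constructed sample: a learning period of normal traffic, then a later capture.
BASELINE = [
    ("10.20.1.10", "10.20.2.5", 502),    # HMI polling a PLC over Modbus/TCP
    ("10.20.1.10", "10.20.2.5", 502),
    ("10.20.1.11", "10.20.2.6", 102),    # engineering workstation to an S7 PLC
    ("10.20.1.10", "10.20.2.7", 4840),   # HMI to an OPC UA gateway
]
LATER_CAPTURE = BASELINE + [
    ("192.168.50.23", "10.20.2.5", 502),  # host in the IT range reaching the PLC: not in baseline
]

if __name__ == "__main__":
    _, base_edges = build_inventory(BASELINE)
    assets, edges = build_inventory(LATER_CAPTURE)
    for ip, asset in sorted(assets.items()):
        print(ip, sorted(asset.roles), sorted(asset.protocols))
    for line in findings(assets, edges):
        print(" !", line)
    for flow in new_flows(base_edges, edges):
        print(" new flow:", flow)
```

The baseline comparison is what makes passive monitoring useful against attacks that look like legitimate instructions: the Modbus flow from 192.168.50.23 is a well-formed poll of the PLC, and only its absence from the learned set of (client, server, protocol) triples singles it out.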
As your project matures and you get ready to implement proactive monitoring and security procedures, Sentryo’s ICS CyberVision will continuously monitor your OT environment to detect threats. It works together with your traditional IT security platforms to enable a unified approach to IT and OT security in the corporate SOC.
It is our pleasure to offer you the Gartner IT/OT Security Strategic Roadmap. Please have a look at it and get back to us to see how we can help you move forward on your OT security projects.
Gartner 2018 Strategic Roadmap for Integrated IT and OT Security, Saniye Alaybeyi, 3 May 2018.