Security Experts:

Connect with us

Hi, what are you looking for?



IT, OT Collaboration Key to Securing Industrial Networks

Jeff Lund and David Meltzer at 2016 RSA Conference

Jeff Lund and David Meltzer at 2016 RSA Conference

SAN FRANCISCO – RSA CONFERENCE 2016 – The key to making industrial networks secure, resilient and reliable is a strong collaboration between information technology (IT) and operational technology (OT) teams.

In a talk at the RSA Conference this week in San Francisco, Jeff Lund, senior director of product line management at Belden’s Industrial IT Division, and David Meltzer, chief research officer at Belden-owned security firm Tripwire, provided a series of recommendations for both IT and OT professionals on what to do and what not to do when they are tasked with securing an industrial network.

The increasing number of incidents involving industrial control systems (ICS) has led many organizations to realize that steps must be taken to secure their infrastructure against attacks. However, the process of securing industrial systems brings several challenges that can only be overcome through collaboration between OT and IT security teams, which is not easy considering that each party has its own views and priorities.

As Meltzer and Lund pointed out in their presentation, IT security teams focus on — in this order — confidentiality, integrity and availability. On the other hand, for OT teams, the most important aspect is safety — the safety of both people and the environment. Furthermore, OT personnel prioritizes availability over integrity and confidentiality, mainly because the systems they supervise often cannot be shut down or restarted like the equipment IT people are used to.

Based on his recent experience with securing ICS, Meltzer said he learned some important things on how not to approach plant managers and control engineers. More precisely, the expert pointed out that it’s not wise to tell control engineers that they don’t “get” security, or that they are decades behind IT when it comes to security, or that they need IT security to make their networks more secure.

While it might seem easy from an IT perspective to secure an industrial network, the reality is that there are several issues that need to be understood before trying to secure ICS systems, such as the fact that even the slightest interference with critical systems can have serious consequences.

Meltzer advises IT security professionals who want to secure ICS to brush up on standards and best practices before getting to work. The expert recommends documentation such as NIST’s Guide to Industrial Control Systems Security, and ISA/IEC standards and technical reports that define procedures for implementing secure Industrial Automation and Control Systems (IACS). The Industrial Internet Consortium (IIC), an organization with more than 200 members, has also done some important work in this field over the past years.

As for OT teams, Meltzer believes a good place to start would be the SANS/CIS 20 Critical Security Controls, which provides specific and actionable advice for stopping the most pervasive and dangerous attacks.

Tripwire and Belden believe there are three main steps that need to be taken when securing ICS. One important step is securing the industrial network, which involves network segmentation and zoning, implementing monitoring systems, and securing wired and wireless communications.

Network zoning and segmentation, which involves separating various parts of the network, is useful not only against outside threats, as it prevents them from moving laterally in the network in case they gain access to a certain part of the system, but also against insiders, which account for many of the intentional incidents involving ICS.

“The common problem with insiders is ‘are there common credentials?’ — so if there is one password for all the systems, any insider could go break into all the systems,” Meltzer told SecurityWeek in an interview. “But if you have good password management, you’re using unique passwords, you’re segmenting out the network so that even an insider who is malicious is very limited in what they can actually cause damage to, and only in an area that you probably recognize who is responsible and who has access into those systems — that is good security hygiene.”

“The same good security practices that we apply to IT, are equally applicable to the OT side as well,” the expert said.

Another step is protecting industrial PCs, particularly machines running Windows, which are particularly vulnerable and most likely to get hacked. This phase involves inventorying connected assets, identifying unauthorized and malicious changes, identifying vulnerable and exploitable systems, and ensuring that systems are properly configured.

The third step is related to securing industrial controls, including detecting and responding to attacks, identifying unauthorized changes, identifying vulnerable and exploitable controls, and ensuring proper configurations.

The implementation of proper monitoring and logging systems is highly important. Such solutions don’t exist in many ICS environments, which translates into the inability of many organizations to determine the attack vectors used to target them.

When it comes to ICS systems, there are many cases where solutions that work for IT are not efficient for OT due to availability concerns. However, solutions do exist, from both Tripwire/Belden and other security firms. For example, Meltzer and Lund pointed out that there are products that can be used to assess and monitor control systems via non-invasive technologies that rely on readily available data.

Since securing ICS can only be done through collaboration between IT and OT teams, experts advise both sides to learn the basics of ICS, respectively IT, security. This would lead to each of them gaining a better understanding of what the other one is doing.

IT and OT staff should also work on building relationships. As for long-term goals, they should focus on driving or supporting efforts to create a collaborative environment and metrics that emphasize team work.

Related: Learn More at the ICS Cyber Security Conference

Related: Critical Infrastructure Incidents Increased in 2015, Says ICS-CERT

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.


A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.


Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot...


Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that...