Industrial Defense In The Cloud

It was not that long ago when one of the measures of a company’s maturity was whether it had its own data center or not. In some cases, the data center occupied one or two floors in the company’s facility while in others, the data center may have sprawled across several locations for full redundancy.

In a relatively short period of time, we’ve evolved to the point where the true measure of an organization’s IT maturity is whether or not it has migrated to the cloud. With more and more IT infrastructure becoming virtual, dedicated physical data centers are becoming a relic of the past and for good reason. 

Cloud technology has afforded organizations many benefits, not only in terms of cost savings for procuring and managing equipment, but also in terms of becoming more nimble and efficient. Spinning up a new virtual machine or deploying a new service or technology can literally take hours compared to weeks or months under the old data center scenario which typically involved dedicating personnel to new initiatives for extended periods of time. It’s no wonder that organizations have phased out new data center projects in favor of an accelerated journey to the cloud.

When it comes to industrial control systems (ICS) or OT environments, the notion of the cloud is still new. In fact, these environments have always been very segregated from the rest of the IT infrastructure, largely as a security measure. The de facto standard of air-gapping OT environments kept them secure because it was extremely hard to attack infrastructures that could not be reached.

However, with the increasing convergence of IT and OT, and the advent of new technologies such as IoT, ICS environments are no longer isolated. They are now squarely in the crosshairs of potential attacks from the outside as well as the inside. When it comes to OT, “set it and forget it” is a thing of the past. Rather, carefully planning and deploying OT-specific security controls is essential to ensure industrial processes remain safe despite being connected to the rest of IT and the outside world.

With the increase in high-profile attacks such as LockerGoga, Shamoon, WannaCry and others, industrial organizations are recognizing their operational networks are susceptible to cyber attacks. As a result, many are investing in OT security technologies that complement their existing IT security controls and provide 360-degree visibility to help ensure the safety of their operations. 

Meanwhile, new advances in cloud technology are making it possible for industrial organizations of all sizes to take advantage of OT security.

Until now, industrial security has required the physical deployment of equipment on site, which worked relatively well in most, but not all, instances. For some organizations like municipal water utilities, or very large and distributed organizations such as pipeline operators with multiple pumping stations, deploying hardware devices on location may not be practical. In these situations, organizations face the tough choice of having to deploy physical equipment even when it doesn’t make economic sense, or forgoing needed OT security controls and exposing themselves to unacceptable risk.

Fortunately, a new delivery model called Industrial Cyber Security as a Service (ICSaaS) has emerged to address this dilemma. The same cloud technology that has exposed OT networks to external threats is now providing an alternative for protecting organizations when the physical deployment of OT security equipment is not practical. ICSaaS eliminates the need for on-premise devices in all locations. In fact, ICSaaS can yield other significant benefits beyond a zero on-site footprint, such as:

● Crowdsourcing – With more organizations using the cloud, anonymized data can be gathered and analyzed to detect anomalous or suspicious activity that may not raise red flags when it occurs in a single organization. Identifying these threats early by having more “eyes” can significantly benefit all organizations by defeating latent attacks.

● Live Threat Intelligence – Being connected to the cloud makes it possible to take advantage of crowdsourced data analytics as noted above for issuing new threat alerts as well as new rule sets and signatures that can reduce vulnerability and threat windows from days, weeks or even months to hours.

● Active and Actionable Intelligence – ICSaaS can bring a whole new level of protection to OT environments by looking beyond the network to individual devices on the network. Networks generally do not get infected; devices do. Simply listening to traffic is too reactive, since attacks will only be discoverable this way “after” devices have already been infected and the threat is propagating across the network. ICSaaS can directly and safely query devices to stop the attack at its source, including those devices that may not even communicate on the network.

By using the cloud, ICSaaS can extend OT security to environments where deploying on-premise equipment is not viable or possible, while making ICS-specific controls accessible to smaller organizations that lack the resources to deploy and manage their own devices. In this way, the cloud can raise the security posture of industrial and critical infrastructure environments regardless of their size, location or industry.

Barak Perelman is CEO of Indegy, an industrial cyber-security firm that improves operational safety and reliability for industrial control networks by providing situational awareness and real-time security.