We All Share the Same Objective of Risk Reduction, But in an OT Environment That Must be Implemented in a Different Way
In recent months, our definition of critical infrastructure has expanded and the convergence of IT and operational technology (OT) networks has accelerated dramatically. As more employees began working from home, the infrastructure of their homes became critical infrastructure to the business. For companies that had previously tried to keep their OT networks as isolated as possible and didn’t have remote connectivity in place, it was a slow and sometimes rocky start. Those that had begun to embrace digital transformation initiatives were able to transition more smoothly, as they had already started thinking about security in an expanding and open environment.
Whichever end of the spectrum you were on, the crisis also accelerated the need for IT and OT teams to collaborate. The extreme transformation of the workplace generated a lot of stress and questions, especially for organizations in industries that depend on physical processes – such as oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage. How can we ensure production? How do we do so without compromising the health and safety of our employees? What can be done remotely and what needs to be done onsite? How do we enable this without increasing the risk of cyberattacks?
As organizations worked to answer these questions, they discovered that certain processes, like secure remote access to the shop floor, were not working well or did not exist at all. As enterprises shifted at least part of their OT staff to work from home, employees who previously worked on the shop floor suddenly needed to make changes to production lines and manufacturing processes from their home offices. In instances where companies didn’t have secure remote access capabilities in place, some OT engineers were using tools that weren’t supported by IT. In other cases, the solutions they had couldn’t scale or handle more complex connectivity challenges.
Practical next steps to facilitate collaboration
World circumstances have exposed security gaps and pushed IT and OT teams to work together to drive resolution, but good intentions only go so far. One of the long-standing barriers to collaboration is that security teams have had zero visibility into OT networks and no telemetry. The good news is that OT networks are designed to communicate and share much more information than is typically available from IT components – the software version they are running, firmware, serial numbers, and more.
OT network traffic provides all the security information you need to monitor for threats. Solutions that are purpose-built for OT visibility and continuous threat monitoring and that you can quickly implement, enable IT and OT teams to look at OT environments together, work from the same set of information, and take specific steps to build resiliency and reach new levels of productivity. Collaboration becomes concrete, not just philosophical.
We can see the immediate value if we return to the example of secure remote access to the shop floor. Now that the initial scramble to support remote workers is over, IT and OT teams need to continue to collaborate to make this connectivity more resilient, particularly if it was put together in a few days. With shared visibility and monitoring, you can observe remote sessions in real time and terminate those that present risk. You can define and enforce granular access permissions so that individual users are only given specific access to necessary assets for specific tasks for a set time window. You can also enforce multi-factor authentication and enable password vaulting to eliminate the risks associated with using, sharing, and managing passwords.
Fast-tracking digital transformation
Despite all the challenges of the last few months and the work still to be done to improve resiliency, CISOs and security practitioners tell me that one of the biggest opportunities lays in the increased acceptance of digital transformation projects. Depending on how far they were on their digital transformation journey, they and their peers either saw the benefits or experienced the pain of transitioning to a remote work model.
Companies that had not focused on distributed models because they weren’t recommended or even considered possible, now know they are not only possible, but essential to building resiliency, maintaining productivity, and driving competitive advantage. However, it’s very challenging for OT professionals to play catch up and close the 25+ year IT-OT security gap, particularly as the number of connectivity points grows exponentially. A combination of legacy devices, many more attack vectors, and opportunistic adversaries create a perfect storm situation.
One important way organizations can help is to stop thinking of IT and OT networks as separate. Think of them as one backbone because that’s how adversaries are looking at your network. With this perspective, you can start to approach governance and processes holistically which will improve resiliency. On the technology side, because OT networks have no modern security controls, you have the benefit of working with a blank slate. There is no need to recreate the complexity of the IT security stack with 15+ security tools. There are OT technologies, best practices, and playbooks that will fulfill multiple security controls, so you can reduce risk in a much shorter period of time.
As we build towards a future that looks increasingly distributed, IT and OT environments will continue to converge, and IT and OT teams will collaborate even more to accelerate their digital transformation initiatives. We all share the same objective of risk reduction, but in an OT environment that must be implemented in a different way. Working together toward a common goal while respecting differences, we will become more resilient, faster – which is a good thing, because disruptions are inevitable.