OT Networks Are Becoming Essential Components of IT Risk Management, Governance

Recent global events have convinced us that digital transformation is here to stay and, in fact, accelerating. Companies that had already begun to embrace digital transformation were able to adapt more quickly to disruption and demonstrate greater resiliency. Now that the initial rush to support a shift to a more distributed model is behind us, we have an opportunity to pause and consider what work still needs to be done to further resiliency. For the 45% of Fortune 2000 companies in industries that depend on operational technology (OT) networks to run their business, it’s likely time to revisit IT risk management and governance and determine how to include OT networks. 

Looking at governance and processes holistically can be a challenge for various reasons. To begin with, IT and OT teams prioritize the three principles of confidentiality, integrity, and availability (CIA) differently. The teams that manage information security typically prioritize confidentiality of data over integrity and availability, whereas the teams that run OT networks prioritize availability (or uptime) over integrity and confidentiality. This difference tends to overshadow the fact that both teams share the same desired outcome – risk reduction. We can respect those priorities by employing different approaches and different tools as we work toward a common goal.  

Another challenge is the difference in how organizations and adversaries view IT and OT networks. Organizations tend to think of these as separate networks, whereas adversaries don’t see things this way. To them, a network is a network, so attacks are intertwined. NotPetya is a prime example of an attack devised to spread quickly and indiscriminately across an organization. While OT networks were not the primary target, the accidental spillover of NotPetya from IT to OT networks was a wake-up call that we must think of these networks as one and strive for a consolidated picture of our technology infrastructure.

 

Without being attuned to these first two points, many organizations go down the path of creating an OT governance process and Security Operations Center (SOC) separate from IT, which introduces risk to digital transformation initiatives. Recreating processes and doubling coordination wastes time and effort and isn’t effective. Instead, what’s needed is a way to extend existing IT risk management and governance processes to include OT networks. 

A more secure digital transformation journey begins by embracing the differences between IT and OT networks. It’s very challenging for OT professionals to play catch-up and close the 25+ year IT-OT security gap. The combination of legacy devices, many more attack vectors, and opportunistic adversaries creates a perfect storm. But we can’t let this deter us. In fact, because OT networks have no modern security controls, we have an opportunity to start with a clean slate and build an OT security program from scratch. There is no need to recreate the complexity of the IT security stack with 15+ security tools and embark on lengthy projects, like physical segmentation, which take too long and often aren’t effective or necessary.

OT networks are designed to communicate and share much more information than is typically available from IT components – the software version they are running, firmware, serial numbers, and more. OT network traffic provides all the security information needed to monitor for threats and can fuel playbooks that will fulfill multiple security controls. With a single, agentless solution for asset visibility and continuous threat monitoring that can be implemented quickly and integrated into IT systems and workflows, we can start to close the IT-OT security gap without risk to productivity or downtime. IT and OT teams can work together, leveraging visibility and continuity across the attack surface to govern OT networks with the same processes and reporting metrics. 

Digital transformation is a necessity and, increasingly, Fortune 500 companies have the support of their board of directors and budgets to reduce risk to their OT networks. Fueled by these two imperatives, along with purpose-built OT security technologies and holistic risk management and governance practices, IT and OT teams can continue their great work of the last few months and drive toward a more secure, digital future.  

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.
