How to Mitigate OT Security Threats with Best Practices and Right Approach?
The community of operational technology security professionals is constantly evolving, expanding, and learning from one another to better posture the world against cyber threats. This blog examines the consulting practice of mitigating cybersecurity risk, as seen through the eyes of an expert.
First, you can leverage the control system itself, which already provides some visibility into what is occurring. It looks like NASA mission control: operators sit and observe the process all day. You can keep track of what looks expected and what does not look normal.
What is novel is that the focus is no longer on the system itself but on the operational technology network and its security. The emphasis, particularly over the last five or six years, has been on integrating network visibility sensors into the control network. Various companies are familiar with protocols such as Modbus, Siemens S7, and DNP3 and have created sensors specifically for analyzing OT network traffic rather than IT network traffic.
It is considerably more accessible now with a newer control system. It is common for these systems to run on virtual machines (VMs), which lets you deploy agents to those areas. Microsoft Defender Antivirus can also be used in a Windows 10 or Windows 7 environment. This helps you capture the Windows event logs and switch logs. Monitoring OT cybersecurity at the network layer is essential because you must see what is happening in the records. You should also use deep packet inspection (DPI) technologies, such as packet filtering, to detect compromised devices.
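As an added example of the network-layer monitoring described above (not code from the original post or any vendor sensor): a minimal Modbus/TCP decoder that flags write requests arriving from any host other than an assumed engineering workstation, run over constructed sample frames.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Modbus function codes that change process state (writes); codes 1-4 are plain reads.
WRITE_FUNCTION_CODES = {5: "write_single_coil", 6: "write_single_register",
                        15: "write_multiple_coils", 16: "write_multiple_registers",
                        23: "read_write_multiple_registers"}
# Assumed allowlist: only the engineering workstation is expected to write to PLCs.
WRITE_ALLOWLIST = {"10.0.0.9"}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: Optional[int]  # first data word: start coil/register for codes 1-6, 15, 16

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode the 7-byte MBAP header and the leading fields of the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus/TCP (protocol id {proto})")
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    address = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else None
    return ModbusRequest(tid, unit, frame[7], address)

def inspect(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert for write requests from hosts outside the allowlist, else None."""
    req = parse_modbus_tcp(frame)
    if req.function_code in WRITE_FUNCTION_CODES and src_ip not in WRITE_ALLOWLIST:
        return (f"ALERT tid={req.transaction_id} {src_ip} sent "
                f"{WRITE_FUNCTION_CODES[req.function_code]} to unit {req.unit_id} "
                f"at address {req.address}")
    return None

# Constructed sample traffic (source IP, raw Modbus/TCP frame), not a real capture.
SAMPLE_TRAFFIC: List[Tuple[str, bytes]] = [
    ("10.0.0.5", bytes.fromhex("00010000000601030000000a")),   # HMI reads 10 registers
    ("10.0.0.9", bytes.fromhex("000200000006010600100064")),   # allowed single-register write
    ("10.0.0.77", bytes.fromhex("000300000006010600100000")),  # write from unknown host
    ("10.0.0.77", bytes.fromhex("00040000000b0110002000020400010002")),  # multi-register write
]

def run_detection(traffic=SAMPLE_TRAFFIC) -> List[str]:
    """Inspect every frame and return the alerts raised, in traffic order."""
    return [alert for ip, frame in traffic if (alert := inspect(ip, frame))]
```

A real sensor would learn the allowlist from a baseline of observed traffic rather than hard-coding it, and would apply the same read-versus-write distinction to S7 and DNP3.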
Implementing the right tools for securing remote access to the OT network
To begin, if you do not require remote access to the OT network, do not have it. That is the most secure course of action.
Second, if you really must have it, ensure that it is engineered for its required purpose and that access to it is carefully controlled. It is also critical to monitor and safeguard it with multifactor authentication (MFA), unless it is used only for read-only access to the command center, in which case the risk to the operational technology network is reduced.
Often, OT equipment suppliers want remote access with complete control so they can alter configurations as part of their warranty contracts, which means you have granted someone a high level of direct access to your systems.
Lastly, establish a process for when remote access to the operational technology network is enabled and when it is disabled. At the very least, you should know who was present, for how long, and who did what, using audit logs, for example.
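The three remote-access rules above (no access unless it is needed, MFA for control sessions, and an enable/disable process backed by audit logs showing who was present and for how long) as an added example, not the original post's code; the session log format, hostnames and approved windows are constructed assumptions.

```python
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed jump-host session log (assumed format, not a real product's output):
# start end user target mode mfa
SESSION_LOG = """\
2024-03-04T09:05:00 2024-03-04T09:40:00 vendor_acme plc-line1 full-control yes
2024-03-04T22:15:00 2024-03-04T23:50:00 vendor_acme plc-line1 full-control yes
2024-03-04T10:00:00 2024-03-04T10:20:00 ops_jsmith hmi-cc read-only no
2024-03-04T11:30:00 2024-03-04T11:50:00 vendor_beta plc-line2 full-control no
2024-03-04T13:00:00 2024-03-04T13:30:00 vendor_beta plc-line3 full-control yes
"""

# Assumed approved windows from change tickets: target -> (enable time, disable time).
# A target with no entry has no approved remote access at all.
ACCESS_WINDOWS: Dict[str, Tuple[datetime, datetime]] = {
    "plc-line1": (datetime(2024, 3, 4, 8, 0), datetime(2024, 3, 4, 12, 0)),
    "plc-line2": (datetime(2024, 3, 4, 8, 0), datetime(2024, 3, 4, 12, 0)),
}

def parse_sessions(text: str) -> List[dict]:
    sessions = []
    for line in text.splitlines():
        start, end, user, target, mode, mfa = line.split()
        sessions.append({"start": datetime.fromisoformat(start),
                         "end": datetime.fromisoformat(end), "user": user,
                         "target": target, "mode": mode, "mfa": mfa == "yes"})
    return sessions

def review_sessions(sessions: List[dict]) -> List[str]:
    """Apply the three rules: no unneeded access, MFA for control, access only when enabled."""
    findings = []
    for s in sessions:
        minutes = int((s["end"] - s["start"]).total_seconds() // 60)
        who = f"{s['user']} -> {s['target']} ({s['mode']}, {minutes} min)"
        if s["mode"] == "read-only":
            continue  # read-only access to the command center carries reduced risk
        if not s["mfa"]:
            findings.append(f"NO_MFA {who}")
        window = ACCESS_WINDOWS.get(s["target"])
        if window is None:
            findings.append(f"NOT_APPROVED {who}")
        elif not (window[0] <= s["start"] and s["end"] <= window[1]):
            findings.append(f"OUTSIDE_WINDOW {who}")
    return findings

def audit_summary(sessions: List[dict]) -> List[Tuple[str, str, int]]:
    """Who was present, on which target, and for how many minutes."""
    return [(s["user"], s["target"], int((s["end"] - s["start"]).total_seconds() // 60))
            for s in sessions]
```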
Are organizations continuously monitoring their OT networks?
The only ones monitoring are those who are required to do so, such as nuclear power plants and the approximately 3,000 largest electric utilities regulated by the North American Electric Reliability Corporation’s Critical Infrastructure Protection standards (NERC CIP), as well as companies that have been attacked in the past. However, even NERC CIP does not demand continuous network security monitoring, preferring that event logs be monitored in a SIEM, which means you can still miss things.
Thus, it is a small percentage, particularly in unregulated industries such as manufacturing, pharmaceuticals, chemicals, oil and gas, mining, and warehousing.
Leveraging teams to break down OT and IT silos
Communication. That is the only course of action available to you. If you work in IT, walk down to the operators with a box of doughnuts and ask, “What are the pain points here?” Learn what they do so that both sides can communicate effectively, and they will not swat your hand away every time executives need a patch. Instead, they will be happy that someone came to learn about what they do.
Generally, when an operational technology security person comes in wearing a white hard hat that has never been scratched, operators think, “Do not touch anything.” However, once trust and communication are established, the organization is strengthened, and training and information exchange can begin.
Blending IT and OT security in the security operations center (SOC)
Nuclear power plants have their own social structure, and corporations have theirs. A nuclear power plant will have its own SOC (if it is independent of the outside world and the IT network), since it sits in a secure, air-gapped area separated from the rest of the company. This is also possible in an oil and gas environment.
There are both pros and cons. You can do it either way if you have the finances and the budget. To come up with the best answer, put your workers in a room, feed them pizza for lunch, and let them work things out. Unified operational technology security has various advantages. You do not even need a specialized SOC analyst with an OT background.
A qualified IT security professional should learn from control engineers or operators and, after that, build those alerts and look for tools and rules that can be adjusted.