Adaptive Cloud Security for OT and Industrial Control Systems

By Rick Peters | April 06, 2021

The cyber-physical world around us is becoming more digitized and, as a result, organizations have been forced to adopt new operational processes to stay afloat. From web-enabled sensors that collect data to the use of cloud-based applications, the execution of innovative strategies is shifting the way business is accomplished across industries, including operational technology (OT) environments. The increased attention to transformation and the appetite for more data are only expected to grow, as will the volume of relevant and timely actionable intelligence. All of this leads to an increased need for meaningful automated awareness that can address the scale of potential threats associated with the rise in connected cloud security environments within OT.

Challenges Impacting How Operational Environments Leverage Cloud Security

The speed of technology-driven innovation is arguably faster than ever, which makes it difficult to continuously enforce security controls. When executing a solution strategy to secure OT cloud environments, security teams must be able to address the following challenges:

  • Broad attack surface: Amid the convergence of information technology (IT) and OT networks, as well as increased cloud adoption, the attack surface continues to proportionally broaden. In the past, OT systems remained on-premises, locked behind corporate networks. Now, relatively insecure OT devices can introduce weaknesses in the organization’s cloud IT infrastructure.
  • Cloud misconfigurations: Building on the broadened attack surface, misconfigured cloud-based resources leave critical OT environments at risk. Malicious actors targeting a misconfiguration when moving laterally within the OT infrastructure can wreak havoc. With cyber and physical systems interconnected, companies risk physical harm to employees, as well as data exfiltration. 
  • Legacy IT: Industrial Control Systems (ICS) have been the heart of OT cyber-physical infrastructure since early in the 20th century. On the other hand, the notion of connecting ICS to the cloud is a relatively new consideration. Moving legacy hardware and software, which are often decades old, to the cloud means potentially introducing a range of vulnerabilities to infrastructure that is less resilient than its IT counterpart. This presents cyber criminals with an opportunity to leverage historical tradecraft to gain access and perform reconnaissance before employing more sophisticated techniques once they have achieved their target.

Establishing an Adaptive Cloud Security Approach

Proactively protecting ICS is a crucial aspect of successfully mitigating risk as part of the Fourth Industrial Revolution. Amid the digitization of operations, organizations must be able to protect data as it moves back and forth between OT and IT infrastructures. Firstly, this requires organizations to weave security into their initial plans as they build out their new hybrid infrastructures. Best practices for managing OT and cybersecurity by design should include:

  • Centralized network security: Centralizing network visibility and monitoring across the IT and OT environments with a network operations center (NOC).
  • Application security: Tracking and reporting on software vulnerabilities. 
  • Platform security: Deploying security as part of the foundation rather than as an afterthought.

In addition, securing the business edge requires an adaptive approach to cloud security that spans on-premises, multi-cloud, and hybrid infrastructures. As part of this, organizations can take a four-pillar approach to their adaptive cloud security strategy to yield continuous earned trust:

  • Zero Trust: Using intent-based segmentation that interprets business and security requirements, then automatically converts them into a segmentation policy, can help isolate workflows and applications.
  • Security-driven networking: Integrating network infrastructure with security architecture using an integrated security platform to enable access control and segmentation.
  • Adaptive cloud security: Connecting resources to protect from multiple threat vectors while leveraging consistent models and integrating with third-party applications.
  • Artificial Intelligence-driven security operations: Deploying technologies like artificial intelligence (AI) and machine learning (ML) coupled with automated processes can detect and neutralize threats at the speed of business. 

Securing Converged IT/OT Environments

Like any infrastructure expansion, the benefits of moving OT to the cloud can outweigh the risks. At the same time, however, organizations must implement a robust security strategy to mitigate these potential risks. One example of this is leveraging automation to improve processes, enhance analytic accuracy, and reduce errors. To secure these IT/OT interconnected layers, organizations must view them as systems within systems, with the whole more complex than the sum of its parts. Vigilance across the OT architecture must extend from the plant floor all the way up through to the cloud. Foundationally, visibility remains a primary problem to address as organizations move toward a digitally transformed IT/OT environment. 

These transformational challenges associated with migrating to the cloud can be addressed with the adoption of Fortinet’s Security Fabric. This ecosystem delivers on cyber best practices, managing the detection of suspicious activities and putting into play a containment and mitigation strategy to ensure safe and continuous operations. The Security Fabric enables organizations to build security by design with the broadest set of offerings to maintain the same level of security across their IT and OT network environments. The centralized management system enables OT businesses to configure, manage, and monitor all components, to eliminate silos and provide greater visibility. The integrated security architecture minimizes threat detection and response times while also enabling users to coordinate automated incident response for enhanced threat remediation across the extended network. 

All of these security solution components work together to ensure safe, sustained operations – a concept that is top of mind across OT and embodies the ICS infrastructure upon which they are built. By identifying and adopting services that provide sustained situational awareness, OT leaders can achieve a sense of omnipresence to protect the transactions of their new cloud businesses.
