In many organizations, traditional IT and critical Operational Technology (OT) networks are being merged to take advantage of the speed and efficiency of today’s digital marketplace. Typical OT networks are comprised of switches, monitors, sensors, valves, and manufacturing devices managed by an ICS system through remote terminal units (RTUs) and programmable logic controllers (PLCs) over a serial or IP connection. Since these systems manage sensitive and sometimes dangerous environments, they demand safe and continuous operation. To achieve that, they have traditionally tended to be air-gapped from the IT network to avoid the sorts of intermittent network or device crashes that IT systems can tolerate.
These systems are built upon high-value OT assets that can range into the billions of dollars. A system crash on a manufacturing floor can stall production for hours and potentially ruin millions of dollars in materials. Even worse, having to reset an open furnace or a 10,000-gallon boiler processing caustic chemicals can have far more devastating consequences than temporarily losing access to an online printer.
Since the primary goals of an OT environment are the safety of employees and local communities, while ensuring the constant availability and uptime of the network, its connected devices, applications, and operating systems are rarely updated. In fact, because these systems can operate for 30 to 40 years in their OT environments, they depend on dated configurations that remain unpatched. And because patching and updating devices can require shutting down entire systems, most OT managers follow the “if it isn’t broken, don’t fix it” rule. As a result, many older OT systems are notoriously vulnerable to malware and other threats that IT networks are naturally protected against. Complicating the problem further, many of the devices and systems installed in an OT network are also notoriously fragile. Even processes as benign as active device scanning can cause them to fail.
Digital transformation is impacting the security of OT environments
The challenge is that today’s digital marketplace requires organizations to respond faster to consumer demands than traditional OT processes can deliver. The addition of modern Industrial IoT (IIoT) devices to OT networks enables organizations to automate what were traditionally static, and mostly manual OT processes, as well as create smart physical environments such as office buildings, manufacturing floors, inventory warehouses, or physical plants. Effectively competing in the digital economy also requires integrating things like real-time data collection and analysis and remote management tools into OT networks to realize greater efficiency.
Beyond the need for an efficient and timely response, an additional challenge is surfacing as a result of digital transformation. System complexity brought about through the amalgamation of OT technology is raising the stakes, and the complexity of security integration, even higher. In smart buildings, for example, there exists a system of systems running simultaneously, including electrical grids, communications, security systems such as badge readers and access controls, fire protection, HVAC systems, and elevators. To manage these IIoT, OT, and IT systems centrally, they are increasingly being merged into a single control system. And in an environment where OT teams are managing multiple buildings simultaneously, this may also entail enabling remote management through a cloud-based platform.
Bolt-on security is not an option
Of course, given what we know about most OT environments, the implications of digital transformation and convergence from a security perspective are self-evident. As a result, a more systematic solutions approach is essential to solving modern OT security challenges. Attempts to address risk by simply deploying off-the-shelf firewalls, sandboxes, and IPS systems into OT environments present an unacceptable, disruptive, and uncertain outcome. Security tools need to be purpose-built to understand the sorts of protocols, communications, and services that have been deployed to preserve safety and availability while implementing OT security.
Instead, organizations need to start by designing security into the OT environment at the highest level to address the bigger picture that provides the absolutes of availability, safety, and security without having to bolt security onto the network as an afterthought. Lacking an architected and integrated strategy, security can quickly scale out of proportion if you try to secure and manage each of these systems separately. As an example, in building automation systems an integrated, segmented, and layered approach enables security to extend beyond merely locking down the HVAC system, to delivering real-time analytics and control that ensures integrity while safeguarding other systems such as fire suppression.
Visibility, control, and zero trust
This journey towards securing modern OT environments is begun by establishing continuous visibility. Network access control solutions can help with inventorying and managing IIoT devices, including keeping track of every connected device on your network, even as devices join or leave or move from one location to another. But control in the OT environment also entails baselining normal traffic and predefining approved functions that yield recognition and real-time response to any behavior that is out of scope. Fortunately, device behaviors within an OT environment tend to be static and predictable, so anomalous behaviors are more likely to be immediately apparent and identified.
In today's converged OT workplace, there’s also a deafening level of trust afforded to both the individual as well as an untrusted device. Such implicit trust is why in many OT networks it's entirely possible for an engineer to be able to control any PLC in the network from a single laptop. Likewise, when environment access is granted to accomplish maintenance through wired or wireless access, complete system access via an uncontrolled laptop is not uncommon. This is why securing your OT environment requires organizations to migrate away from implied trust towards a zero trust model.
Imagine one of your engineers, Ron, has been sitting at an HMI workstation managing the same line for 15 years. He's never given you any cause for concern, so you trust him implicitly. The advent of convergence, however, presents new severe OT risk, and what worked historically is now being replaced with systems that are suddenly interconnected and highly vulnerable devices that can be compromised remotely.
Part of the challenge is changing your paradigm. It often helps to start by assuming that your system has already been compromised. Visualizing the presence of malware, unmitigated access, and the ability of a threat actor to elevate privilege enables OT security teams to implement a more proactive approach to identifying and neutralizing access to critical and highly valued OT assets. This approach also enables establishing processes for at-speed recognition of actions that are beyond the scope of normal.
Finally, organizations need to shift from a reactive to a proactive security posture, allowing them to securely integrate their OT processes while extending protection far beyond those available with present day system defenses. Zero trust goes beyond merely changing policies and procedures, and requires engineering security directly into the environment to enable proactive security.
This requires implementing technical strategies such as segmentation and multi-factor authentication to mitigate the access control risk. For example, when a user or device is authorized into a specific subsection of the OT network at layer two of the Purdue model, they are limited to functioning properly within that restricted network zone. Likewise, all activity beyond the immediate authorized domain would require authenticated approval, thereby precluding an ability to impact the OT infrastructure both vertically and horizontally.
The integration of IIoT devices into OT networks is inevitable for any organization looking to remain competitive in today’s digital economy. The challenge is to implement security without compromising availability or safety. Due to the very converged disposition of modern OT networks, this requires
· Implementing purpose-built security devices designed for OT environments to protect the network from IT, the cloud, and the Internet
· Establishing continuous visibility into devices and their behaviors with a combination of NAC (Network Access Control) and behavioral analytics
· Moving towards a zero-trust security model built around the exercise of considering that you may already be compromised
· Implementing basic controls such as two-factor authentication and segmentation to isolate critical functions will limit system exposure in the event of a compromise.
Of course, these are just the first stepping stones to bridge the security challenges facing OT environments. With these foundational elements in place, organizations can continue to build a resilient and scalable security strategy that can grow and adapt as their OT environment continues to evolve.
Access or download the full “Independent Study Pinpoints Significant SCADA/ICS Cybersecurity Risks”
Read more about the unique challenges of securing operational technology systems and how Fortinet can help.
Read more about Fortinet’s leadership in OT security expanded with new additions to its Fabric-Ready partner ecosystem.