Legacy industrial systems relied on proprietary protocols and software, were managed and monitored manually by humans, and had no connection to the outside world. Today it is a very different story: more industrial systems are being brought online to deliver big data and smart analytics and to adopt new capabilities and efficiencies through technological integration. IT-OT convergence gives organizations a single view of industrial systems together with process management solutions that ensure accurate information is delivered to people, machines, switches, sensors and devices at the right time and in the best format.
The objectives of the security paradigm in operational technology are much different from those of other sectors. This whitepaper is aimed at Security and Risk Management departments and offers a structured policy and process for integrating basic security protocols to secure the organization’s Operational Technology.
What is OT Security?
OT Security is defined as “Practices and technologies used to
- protect people, assets, and information,
- monitor and/or control physical devices, processes and events, and
- initiate state changes to enterprise OT systems.”
OT security solutions include a wide range of security technologies, from next-generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity and access management (IAM), and much more. Today, operational technology networks are facing security incidents of their own.
Basic security parameters do not replace a risk-based approach, but they provide security and risk management leaders with a foundation to build upon. The basic parameters below are formulated to give you a basic understanding of the security requirements:
Ensure Roles and Responsibilities Related to Security for Staff in the OT Environment Are Clear and Documented
No matter how security has been organized, roles and responsibilities should be unambiguously clear. The appropriate delineation of responsibilities is vital, especially in organizations with a focus on the security of both IT and OT. This is especially key to ensure security incidents that affect either IT or OT are addressed appropriately. The accountabilities of system owners and plant managers should be just as clear as the roles and responsibilities of the staff members of the OT security team.
Create Awareness and Train All OT Staff About Security in OT
As is the case in information security, security awareness is a key component in the prevention of OT security incidents. Most malware incidents in OT systems are caused by inappropriate human activity. Proper security awareness and training can play a significant role in preventing these malware infections from being introduced into OT systems. Awareness must include training that is specific to the organization and that describes interdependencies, the potential impact (including the impact on safety) and the potential for cascading issues. Security in OT requires three levels:
- Awareness — To focus attention on security
- Training — To produce relevant skills and competencies
- Education — To create security specialists
Maintain an Up-to-Date Asset Inventory of All OT Components
An inventory of all relevant assets should be maintained for all OT domains in the organization. All components should be included in both logical and physical network diagrams that also describe the connections and data flows between these components. Physical information about the devices, like Media Access Control (MAC) address, manufacturer, IP address and physical location should also be recorded together with their function, operating system and version information. The organization should have processes in place to keep the asset information continuously up to date. Owners should be identified for both the asset management process as well as for each component in the asset inventory itself.
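The inventory described above only stays useful if it is reconciled against what is actually on the network. The following is an added illustration, not code from the whitepaper or from any vendor: it compares a constructed inventory (with the attributes the text lists: MAC, IP, manufacturer, location, function, OS, version, owner, plus an assumed `last_verified` date) against a constructed list of observed devices and reports unknown devices, address mismatches, unobserved assets, stale records and missing owners.

```python
"""Reconcile an OT asset inventory against devices observed on the network.

Added example; inventory and observation records are constructed sample data,
and the field names are assumptions based on the attributes the text recommends.
"""
from datetime import date, timedelta

# Constructed inventory: what the organization believes is on the plant network.
INVENTORY = [
    {"mac": "00:1d:9c:aa:00:01", "ip": "10.10.1.10", "manufacturer": "VendorA",
     "location": "Plant 1 / Panel 3", "function": "PLC", "os": "FirmwareA",
     "version": "4.2", "owner": "plant1.controls", "last_verified": "2024-05-20"},
    {"mac": "00:1d:9c:aa:00:02", "ip": "10.10.1.11", "manufacturer": "VendorA",
     "location": "Plant 1 / Panel 4", "function": "RTU", "os": "FirmwareA",
     "version": "3.9", "owner": "", "last_verified": "2024-01-15"},
    {"mac": "00:1d:9c:aa:00:03", "ip": "10.10.1.12", "manufacturer": "VendorB",
     "location": "Plant 1 / Control room", "function": "HMI", "os": "WinEmbedded",
     "version": "7", "owner": "plant1.controls", "last_verified": "2024-05-01"},
]

# Constructed observation, e.g. the output of passive network monitoring.
OBSERVED = [
    {"mac": "00:1d:9c:aa:00:01", "ip": "10.10.1.10"},
    {"mac": "00:1d:9c:aa:00:02", "ip": "10.10.1.21"},
    {"mac": "00:50:c2:ff:00:99", "ip": "10.10.1.50"},
]


def reconcile(inventory, observed, today, max_age_days=90):
    """Return findings keyed by category; every list holds MACs (plus detail)."""
    known = {a["mac"].lower(): a for a in inventory}
    seen = {o["mac"].lower(): o["ip"] for o in observed}
    cutoff = today - timedelta(days=max_age_days)
    findings = {"unknown": [], "ip_mismatch": [], "missing": [], "stale": [], "no_owner": []}
    for mac, ip in seen.items():
        if mac not in known:                      # device on the wire nobody recorded
            findings["unknown"].append((mac, ip))
        elif known[mac]["ip"] != ip:              # recorded address no longer matches
            findings["ip_mismatch"].append((mac, known[mac]["ip"], ip))
    for mac, asset in known.items():
        if mac not in seen:                       # offline, moved, or decommissioned?
            findings["missing"].append(mac)
        if date.fromisoformat(asset["last_verified"]) < cutoff:
            findings["stale"].append(mac)         # record not re-verified in time
        if not asset.get("owner"):
            findings["no_owner"].append(mac)      # every component needs an owner
    return findings


if __name__ == "__main__":
    for category, items in reconcile(INVENTORY, OBSERVED, date(2024, 6, 1)).items():
        print(f"{category}: {items}")
```

Each finding maps to a follow-up the inventory process owner should drive: investigate unknown devices, correct mismatches, confirm whether missing assets were decommissioned, and re-verify stale or ownerless records.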
Create and Test Backup and Restore Procedures
Ensure that a business impact analysis is used to determine the recovery time objective (RTO) and recovery point objective (RPO) for the software configuration and set point data of each component in OT. Once those have been determined, security and risk management (SRM) leaders should ensure that the OT site(s) create and maintain backup and recovery procedures for those OT components that hold specific configuration or set point data, meeting the RTO and RPO determined by the business impact analysis. Additional topics to keep in mind when creating backup and restore procedures are ensuring that:
- The backup media is not stored in the same building as the system that has been backed up
- The backups are tested at least annually by restoring the backup on a fallback system
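The RTO, RPO, off-site storage and annual restore-test requirements above can be checked mechanically against the backup records kept per component. This is an added example, not the whitepaper's own material: the component records are constructed, and the fields (`rpo_hours`, `rto_hours`, `last_backup`, `backup_site`, `last_restore_test`, `restore_test_hours`) are assumed names; "site" stands in for the building the text refers to.

```python
"""Check OT component backup records against BIA-derived RTO/RPO and test rules.

Added example with constructed data; field names are assumptions.
"""
from datetime import datetime, timedelta

# Constructed records: one per OT component holding configuration or set point data.
COMPONENTS = [
    {"name": "PLC-03", "site": "Plant 1", "rpo_hours": 24, "rto_hours": 4,
     "last_backup": "2024-05-31T22:00", "backup_site": "Plant 1",
     "last_restore_test": "2023-04-10", "restore_test_hours": 2.5},
    {"name": "HMI-01", "site": "Plant 1", "rpo_hours": 168, "rto_hours": 8,
     "last_backup": "2024-05-20T01:00", "backup_site": "DC-Offsite",
     "last_restore_test": "2024-02-01", "restore_test_hours": 12},
    {"name": "HIST-01", "site": "Plant 2", "rpo_hours": 4, "rto_hours": 2,
     "last_backup": "2024-06-01T10:00", "backup_site": "DC-Offsite",
     "last_restore_test": "2024-03-15", "restore_test_hours": 1.5},
]


def check_backups(components, now, test_interval_days=365):
    """Return {component name: [problems]} for every non-compliant component."""
    issues = {}
    for c in components:
        problems = []
        # A failure right now would lose more data than the RPO allows.
        age = now - datetime.fromisoformat(c["last_backup"])
        if age > timedelta(hours=c["rpo_hours"]):
            problems.append("backup older than RPO")
        # Backup media must not sit in the same building as the system.
        if c["backup_site"] == c["site"]:
            problems.append("backup stored at same site as system")
        # Restore must have been exercised on a fallback system within the interval,
        # and that rehearsal must have finished within the RTO.
        last_test = c["last_restore_test"]
        if last_test is None or datetime.fromisoformat(last_test) < now - timedelta(days=test_interval_days):
            problems.append("restore not tested in interval")
        elif c["restore_test_hours"] > c["rto_hours"]:
            problems.append("last restore test exceeded RTO")
        if problems:
            issues[c["name"]] = problems
    return issues


if __name__ == "__main__":
    for name, problems in check_backups(COMPONENTS, datetime(2024, 6, 1, 12, 0)).items():
        print(f"{name}: {', '.join(problems)}")
```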
Create a Security Incident Response Process
Security incident response procedures are crucial to any security and risk management leader. For those SRM leaders looking after not only IT but also OT, this need is amplified even further.
Security and risk management leaders should therefore develop and document an incident response plan with the following instructions to respond to and limit the impact of incidents against OT:
- Keep the document and the language as simple as possible
- Ensure that the terminology, basic principles and actions are aligned and integrated with those used by the general IT incident response, problem management, business continuity and crisis management processes
- Recognize that the document will be read under intense pressure and severe time constraints
- Ensure that the procedure addresses real-world potential security incidents and enterprise specific requirements
- Focus on managing the consequences — not the causes — of the incident
Kanoo Elite provides a proactive and transformative approach to OT security. Instead of disparate point products operating in silos, Kanoo Elite enables multiple OT security technologies to work together across IT and OT environments. With full integration and shared threat intelligence, operational technology organizations gain fast, automated responses to attacks on any vector. Our solution covers the entire converged IT-OT network to close OT security gaps, deliver full visibility, and provide simplified management. Kanoo Elite is the only vendor that can deliver a true integrated Security Fabric that covers the OT security best practices and requirements for the entire converged OT-IT network.