Monday, July 1, 2024

OT/IT Security – Two Sides of the Same Coin

By Sachin Shah, OT, Armis CTO

The distinction between information technology (IT) and operational technology (OT) is blurring rapidly as the Industrial Internet of Things (IIoT) proliferates globally, including across the federal ecosystem, along with cross-traffic from enterprise connected devices, applications and all types of connections.

Agencies have long managed and secured these two types of technology in separate silos, using different approaches and solutions, sharing little data, and relying on individual teams with unique skill sets. They have also relied heavily on segmented control networks to protect their OT devices. The convergence of IT and OT is closing the gap, and in doing so, making traditional isolated security models increasingly outdated and risky.

Although many legacy control systems still maintain effective segmented networks, the trend is to connect OT devices at the edge directly to enterprise networks. As a result, the Purdue Enterprise Reference Architecture model, which for years defined standard layers of application, control, data flow, and enforcement boundaries, is being flattened, and the boundaries between levels are blurring. Organizations today cannot secure OT without also securing IT alongside it.

The industry is already embracing a more integrated approach to IT/OT security. Gartner states, “By 2025, 75% of OT security solutions will be delivered through a multifunctional platform that is interoperable with IT security solutions.” Gartner also states, “As threats and vulnerabilities increase due to the accelerating brownfield operational technology/information technology convergence and the growing number of greenfield cyber-physical systems, OT security requirements evolve and require more IT security leaders to engage.”

Organizations today need a passive, agentless security approach to secure all types of connected devices (OT, IT, and IoT devices). They should be able to:

  • Create a comprehensive inventory of all connected devices – OT and IT

Businesses today still struggle to see their entire inventory of IT assets, from managed and unmanaged devices to IoT devices, virtual machines, the cloud, and more. Most organizations cannot accurately identify all devices in their environment and airspace, both on-premises and at the edge, leaving them exposed to compliance, vulnerability, and security issues.

  • Make sure all devices and technologies are discoverable

IT teams rely on asset discovery and configuration transparency to ensure visibility into the environments they manage. If an IT team can’t see a device, it can’t safely manage it. Therefore, government agencies must ensure discoverability, with the ability to track IT and OT devices in real time and to identify sensitive information such as location, users, and applications in use.

  • Comprehensive coverage of security controls, devices and communications.

Security controls must meet the most important cybersecurity objectives specified by security frameworks such as NIST CSF or CIS CSC and NISTIR 8228. The IT world typically requires the use of multiple security tools. For an OT environment, it is desirable to use as few tools as possible while still achieving comprehensive coverage of the necessary security controls. A security platform should work with all types and brands of devices common to agencies and their facilities, including IP security cameras, fire alarm systems, switches, firewalls, wireless access points, printers, and more. Finally, the platform must be able to directly monitor any communication path that can be used in a cyber attack, including Ethernet, Wi-Fi, Bluetooth, BLE, and other wireless protocols such as Zigbee. Wireless coverage is important because attackers can exploit vulnerabilities such as BlueBorne, KRACK, and Broadpwn to wirelessly compromise OT devices without user interaction.

  • Identify risks associated with all devices

In addition to discovering assets, institutions need a platform that can identify risks and vulnerabilities in devices that interact with offices, remote locations, and cloud environments. This requires understanding what devices are and how they are used, along with a detailed understanding of each device’s characteristics. Organizations should then be able to provide security and policy enforcement by comparing a device’s individual risk profile to the organization’s risk posture. Automation is critical to ensuring accuracy and efficiency when managing environments with tens of thousands of devices.

  • Passive monitoring of behavior and communication patterns of all devices

Real-time collective intelligence helps agencies make policy recommendations to better protect their environment, maintain mission continuity and operational resilience, and reduce risk. The ability to passively monitor all unmanaged, OT, IT, and IoT devices across networks and airspace is key to avoiding disruption of device performance.

  • Take automated actions to block attackers.

If a device is operating outside of a known-good profile, the platform should issue an alert and/or trigger an automated action. The platform should be able to correlate observed activity on the network with broader industry and device-specific threat intelligence, and should be able to detect real-world attacks with greater confidence, taking into account the presence of vulnerabilities and other risks.
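The following added example (not code from the article or from any vendor platform) sketches the inventory, passive monitoring and known-good profile steps described above. The flow-record layout, MAC and IP addresses, device types and the `alert`/`quarantine` action names are all constructed assumptions.

```python
# Constructed flow records, as a passive sensor on a mirror port might emit them:
# (source MAC, device type, destination IP, protocol, destination port)
BASELINE_FLOWS = [
    ("02:00:00:00:01:10", "plc", "10.20.0.5", "tcp", 502),        # Modbus to HMI
    ("02:00:00:00:01:10", "plc", "10.20.0.9", "udp", 123),        # NTP
    ("02:00:00:00:02:20", "ip-camera", "10.30.0.2", "tcp", 554),  # RTSP to recorder
]
LIVE_FLOWS = [
    ("02:00:00:00:01:10", "plc", "10.20.0.5", "tcp", 502),        # matches baseline
    ("02:00:00:00:02:20", "ip-camera", "10.20.0.5", "tcp", 502),  # camera speaking Modbus
    ("02:00:00:00:01:10", "plc", "192.0.2.44", "tcp", 443),       # PLC leaving the OT zone
    ("02:00:00:00:03:30", "unknown", "10.20.0.5", "tcp", 22),     # device not in inventory
]

def build_profiles(flows):
    """Build the inventory and known-good profile: MAC -> type and allowed flows."""
    profiles = {}
    for mac, dev_type, dst, proto, port in flows:
        entry = profiles.setdefault(mac, {"type": dev_type, "allowed": set()})
        entry["allowed"].add((dst, proto, port))
    return profiles

def evaluate(flow, profiles):
    """Return None for a known-good flow, otherwise an alert with a suggested action."""
    mac, _dev_type, dst, proto, port = flow
    profile = profiles.get(mac)
    if profile is None:
        # Hypothetical policy: devices never inventoried are isolated, not just reported.
        return {"mac": mac, "reason": "device not in inventory", "action": "quarantine"}
    if (dst, proto, port) in profile["allowed"]:
        return None
    reason = f"{profile['type']} outside profile: {proto}/{port} to {dst}"
    return {"mac": mac, "reason": reason, "action": "alert"}

def monitor(live_flows, profiles):
    """Evaluate observed flows without sending any traffic to the devices."""
    return [a for a in (evaluate(f, profiles) for f in live_flows) if a]

if __name__ == "__main__":
    for alert in monitor(LIVE_FLOWS, build_profiles(BASELINE_FLOWS)):
        print(alert)
```
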

Although the security outcomes required for OT environments are well known, traditional security tools cannot achieve them. Neither specialized OT security tools nor traditional IT security tools are designed for today’s hybrid OT/IT environments. The continuous integration of OT and IT requires institutions to take a different approach to security, one that connects the two areas for a more secure institution and greater continuity of mission.

About the author

Sachin Shah is Chief Technology Officer at Armis. As Armis Security’s Chief Technology Officer (CTO), he is responsible for setting the technology direction, goals, resources and timelines for the research and development teams of all technology services. Making executive decisions on behalf of the company’s technology requirements, he also serves as a mentor and evangelist to the technology leadership team, helping to maintain a consumer-centric outlook and bring projects to market. He is also responsible for ensuring that all technical practices comply with regulatory standards. He is a pioneering public speaker on today’s and tomorrow’s technology security needs.

Sachin can be contacted online at sachin@armis.com and at the company website, https://www.armis.com/.

Fair Use Notice: “Fair use” laws allow other authors to make limited use of the original author’s work without permission. Under 17 U.S. Code § 107, “It is not copyright infringement to use copyrighted material for purposes such as criticism, commentary, news reporting, education (including multiple copies for classroom use), scholarship, or research.” As a matter of policy, fair use is based on the belief that the public is free to use portions of copyrighted material for the purposes of comment and criticism. Fair use privileges are perhaps the most important restrictions on the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and more free of charge on its website Cyber Defense Magazine. All images and reporting are conducted exclusively in accordance with the fair use of US copyright laws.
