Future-Proofing OT Cybersecurity
Video URL: https://vimeo.com/1104166370
Video Transcript
Welcome to our presentation on future-proofing operational technology – or OT – cybersecurity and where we can go next. In this presentation, we will review the current landscape and the frameworks used to provide cybersecurity for OT environments, examine today’s solutions, and explore future directions for better protecting our OT networks and devices.
Global Weekly Cyber Attacks Per Industry
Let’s start by examining the current state of affairs. Despite all the solutions and announcements, we still see significant year-over-year and quarter-over-quarter increases in the number of attacks in virtually all sectors. Cybersecurity is an issue that is far from being solved. So, what makes security for OT networks and devices so challenging?
OT is a Challenging Landscape for Cybersecurity
There are several factors. First, for years IT and OT networks have been converging, with data moving to the cloud to achieve higher levels of operational efficiency. And while the IT world has been protected for years, OT networks and devices have received minimal attention or protection, creating vulnerabilities that can be exploited.

OT networks typically consist of equipment from multiple vendors alongside legacy systems, making comprehensive integration a key challenge. These vendors don’t share a common operating system, which makes seamless security hard; in many devices there is no operating system at all.

OT has also been insecure from its creation. It was never contemplated that these industrial platforms would be connected in the manner they are today and exposed to the threats that now exist. Oftentimes these networks or systems are standalone, both in buildings and in industrial controls. They’re not connected, nor were they ever designed to be connected, making in-field updates and patching difficult. As a result, the firmware installed on a device 15 years ago is often still running today.

Network perimeters in the IT world are often easy to define; sales, payment, or accounting systems are good examples. In the OT world, however, networks can span large areas or even an entire country, making them more challenging to define and protect. Additionally, the industrial IoT and the cloud compound the difficulty of protecting these OT networks and devices, and the addition of AI introduces another frontier and layer that needs to be addressed.

What can we do with all these challenges? Let’s first consider what’s happening today, starting with two frameworks that are commonly employed.
NIST Cybersecurity Framework 2.0 | Zero Trust Architecture
The first is NIST’s Cybersecurity Framework 2.0. Its six functions provide guidelines for implementing and communicating cybersecurity in an IT or OT environment. This framework also helps align the industry and users with a zero-trust architecture. The second framework to consider is that zero-trust architecture itself. You can use zero trust to implement the NIST Cybersecurity Framework, including its protection and detection functions: the Zero Trust Architecture guides you on what items to secure, while the NIST Cybersecurity Framework outlines the key security functions.
OT Solutions Today
Next, we need to examine the source and nature of current cybersecurity solutions. Many of the OT solutions we see originate from the IT world and employ a network-based approach. That is, they provide key functions critical in the IT world, including monitoring, detection, and response, or MDR, a category often referenced when evaluating products and solutions for an IT network. Of course, visibility is also critical in the IT world, and many of these solutions provide visibility functions that allow you to see what is connected to a network. All of this is reactive; none of it is proactive. It assumes that there is an IT group, department, or technology team that will receive this data or these alerts and respond accordingly. Where does this leave us? In the OT world, it leaves us challenged. The ongoing volume of high-profile attacks, combined with the sheer volume of alerts, often leads to “alert fatigue” or “alert showers”. Users can be easily overwhelmed and unable to identify what they need to address. In fact, many of these tools provide monitoring but don’t proactively protect the networks.
OT Networks Before Network Monitoring
Real-time protection is also limited. On this slide, we have an image of the Wireshark packet analyzer connected to an OT network. Wireshark displays all communication activity between different points on a network at the data-packet level. As you can see, we can view each data packet in this building environment, including the commands and all the data inside it, and so can a person trying to attack it.
OT Networks After Network Monitoring
Even after installing a monitoring solution that attempts to detect communication anomalies in a timely manner, plain text messages remain visible and can be easily viewed or captured. So, if this is the current state of protection, and we know there is a growing volume of attacks affecting virtually every sector of cybersecurity, what can we do? To begin, it’s important that we consider some additional goals to help us achieve effective cybersecurity, and here are some suggestions.
OT Security – Where to Go Next?
First, there is a need to focus on device-level solutions. It is essential that we prioritize the devices at the edge of a network. This is crucial for protecting and maintaining operations in a safe and timely manner, even when one device may be under attack.

Authentication is equally critical. The devices need to be authenticated in the same way as anyone on an IT system would be authenticated. It’s critical to ensure that users and devices are entities recognized by the network.

Data encryption is important. You must protect the data traveling on these networks. This protection was not seen as a priority years ago, and although data like a room temperature may not seem important, the metadata, knowing in fact that the air conditioning is running in a critical room or part of the building, may be all the information an attacker wants, rather than the actual data itself.

Data integrity is essential because the commands, logs, and information collected on an OT network must be reliable and trusted.

Real-time protection is taken for granted in the IT world; it’s assumed that there’s always somebody who can go and address an issue, such as sending a person to the third floor to look at a server that may have malware or a virus. That’s not always the case in the OT world: the attack can be happening on a part of the platform that’s across the street or perhaps hundreds of miles away in a SCADA or Smart Grid environment, so stopping it when detected, without human intervention, provides important value.

And finally, cybersecurity tools need to be future-proof, as we mentioned earlier. Previously, building systems and industrial controls would be installed and remain in place for decades, with no firmware updates, relying on the security and firmware that were installed on the day of installation. Of course, with the evolving world and everything changing, we know that you must be able to update your defenses and solutions to address the needs of the moment in which they are operating.
OT Security Tools to Consider
So, what tools can we consider, and where should we look in the future? First and foremost, there should be device-bound authentication, where we must create a Root of Trust within the devices at the edge of these networks, allowing them to operate securely with or without a network connection. We need to introduce what is called public key, or asymmetric cryptography. These are the tools that we take for granted today on the Internet when logging into our bank accounts or putting our credit cards on a public network like the Internet to buy something online. Public key, or asymmetric, cryptography allows two or more entities to communicate securely over a public network, authenticating the data at a packet level and encrypting it so that we can trust the data. We must look for solutions that can address the existing infrastructure. Even if we introduce technologies like Root of Trust and public key or asymmetric cryptography, similar to our current banking or financial solutions, there is no easy way to implement them on the existing infrastructure. It would require the wholesale replacement of billions of devices and hundreds of billions of dollars worth of equipment, which would be cost-prohibitive and not likely to happen. Therefore, a solution must be able to address the existing infrastructure currently in place. Ideally, the platform should be able to utilize the cloud while also operating independently where necessary, and then be post-quantum ready, or upgradeable over the next few years, to protect against future quantum computer threats.
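The per-packet authentication and encryption described above, and the contrast with the plaintext packets shown on the Wireshark slides, can be made concrete with a small program. The following Go code is an added example written for this page and is not Veridify's code or product; it stands in an Ed25519 identity key for a key held in a device's Root of Trust, assumes a pre-shared AES-GCM session key (how that key is established is outside the example), and uses a constructed telemetry payload. Every packet carries a device identifier and a monotonic counter, is encrypted with the header bound as associated data, and is signed by the device key; the receiver verifies the signature, rejects replays, and only then decrypts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Packet is one authenticated, encrypted telemetry message. An observer on
// the wire sees only the header fields, a random nonce, ciphertext and a
// signature; the payload itself is never visible in the clear.
type Packet struct {
	DeviceID uint32
	Counter  uint64 // monotonic per device; lets the receiver reject replays
	Nonce    [12]byte
	Cipher   []byte // AES-GCM ciphertext plus authentication tag
	Sig      []byte // Ed25519 signature over header || nonce || cipher
}

// header is DeviceID||Counter, used as AEAD associated data so the
// ciphertext cannot be re-attached to a different device or counter.
func (p *Packet) header() []byte {
	b := binary.BigEndian.AppendUint32(nil, p.DeviceID)
	return binary.BigEndian.AppendUint64(b, p.Counter)
}

// signedBytes is everything the device signs: header, nonce and ciphertext.
func (p *Packet) signedBytes() []byte {
	b := append(p.header(), p.Nonce[:]...)
	return append(b, p.Cipher...)
}

// newGCM builds the AES-GCM AEAD from a 16/24/32-byte session key.
func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Device is an edge controller whose identity key (assumed to live in a
// hardware Root of Trust in a real deployment) signs every packet it emits.
type Device struct {
	id      uint32
	counter uint64
	priv    ed25519.PrivateKey
	aead    cipher.AEAD
}

func NewDevice(id uint32, priv ed25519.PrivateKey, sessionKey []byte) (*Device, error) {
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return &Device{id: id, priv: priv, aead: aead}, nil
}

// Send encrypts the payload under a fresh nonce and signs the whole packet.
func (d *Device) Send(payload []byte) (*Packet, error) {
	d.counter++
	p := &Packet{DeviceID: d.id, Counter: d.counter}
	if _, err := rand.Read(p.Nonce[:]); err != nil {
		return nil, err
	}
	p.Cipher = d.aead.Seal(nil, p.Nonce[:], payload, p.header())
	p.Sig = ed25519.Sign(d.priv, p.signedBytes())
	return p, nil
}

// Receiver knows the public key of every enrolled device and the highest
// counter seen from each; unknown devices are refused outright.
type Receiver struct {
	pubs map[uint32]ed25519.PublicKey
	last map[uint32]uint64
	aead cipher.AEAD
}

func NewReceiver(pubs map[uint32]ed25519.PublicKey, sessionKey []byte) (*Receiver, error) {
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return &Receiver{pubs: pubs, last: map[uint32]uint64{}, aead: aead}, nil
}

// Receive authenticates the sender, rejects replayed counters, then decrypts.
func (r *Receiver) Receive(p *Packet) ([]byte, error) {
	pub, ok := r.pubs[p.DeviceID]
	if !ok {
		return nil, errors.New("unknown device")
	}
	if !ed25519.Verify(pub, p.signedBytes(), p.Sig) {
		return nil, errors.New("bad signature")
	}
	if p.Counter <= r.last[p.DeviceID] {
		return nil, errors.New("replayed packet")
	}
	plain, err := r.aead.Open(nil, p.Nonce[:], p.Cipher, p.header())
	if err != nil {
		return nil, err
	}
	r.last[p.DeviceID] = p.Counter
	return plain, nil
}

// Demo enrolls one device, sends a constructed reading, then tries a tampered
// copy and a replay. It returns (validAccepted, tamperRejected, replayRejected).
func Demo() (bool, bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	session := make([]byte, 32) // constructed pre-shared session key
	if _, err := rand.Read(session); err != nil {
		return false, false, false, err
	}
	dev, err := NewDevice(7, priv, session)
	if err != nil {
		return false, false, false, err
	}
	rx, err := NewReceiver(map[uint32]ed25519.PublicKey{7: pub}, session)
	if err != nil {
		return false, false, false, err
	}
	msg := []byte("zone3 temp=21.5C") // constructed telemetry payload
	p, err := dev.Send(msg)
	if err != nil {
		return false, false, false, err
	}
	got, err := rx.Receive(p)
	validAccepted := err == nil && bytes.Equal(got, msg)
	// Flip one ciphertext bit: the signature no longer matches, so it is refused.
	bad := *p
	bad.Cipher = append([]byte(nil), p.Cipher...)
	bad.Cipher[0] ^= 0x01
	_, err = rx.Receive(&bad)
	tamperRejected := err != nil
	// Resend the genuine packet: the counter has already been seen.
	_, err = rx.Receive(p)
	replayRejected := err != nil
	return validAccepted, tamperRejected, replayRejected, nil
}

func main() {
	v, t, r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("valid accepted: %v, tamper rejected: %v, replay rejected: %v\n", v, t, r)
}
```

The signature supplies the device-bound authentication the slide calls for (only the holder of the private key can produce a packet the receiver accepts), while AES-GCM supplies confidentiality and integrity for the payload; binding the header into the AEAD and checking the counter are what stop a captured packet from being replayed or re-labelled. A real deployment would still have to solve key provisioning, key rotation and the post-quantum question raised later in the talk.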
Conclusion
Implementing current security methods may have a shelf life of only five to seven years, or even less, as quantum computers are on the horizon. Quite simply, when these quantum computers are large enough, they will be able to run two different algorithms that break the mathematical foundation of all of the security we use today. Therefore, it is crucial to install long-life solutions that are post-quantum ready, or at least field-upgradable to become post-quantum capable. And finally, in the case of AI, most AI systems today must collect data from the network and bring it to the cloud for processing. For many critical systems or defense users that cannot be connected to a cloud server, it is important that their systems be able to process this data at the edge, where a cyber-attack may be originating, and learn the differences or variances even between similar devices located in different places in a building or in an industrial control environment, so that the AI engine learning what constitutes appropriate behavior can make that model specific to each endpoint or edge device.
Next Steps
This has been an overview of OT security and our recommendations for goals and methods for making device security future-proof. Please contact Veridify Security to discuss implementing a device-level, zero-trust security solution for your OT network.