Four Must-Haves to Secure Your OT Environment
A cybersecurity given: attackers will never stop looking for weaknesses and vulnerabilities anywhere in an organization that they can exploit to carry out an attack.
Whether it’s an unpatched web server, an out-of-date application with known vulnerabilities, or a user who tends to click links first and read later, attackers focus on finding a way to gain a foothold in an environment that will ultimately let them carry out their attack. IT security teams and the vendors that support them continuously introduce new methods and technologies to make it harder for attackers to compromise an IT environment successfully, but it still happens frequently.
Now imagine an environment equally critical to the business that does not get the same security focus as the IT environment. If an attacker compromised this environment, the company could suffer substantial losses, leading to catastrophic results. That is a scary thought, but for many organizations that manufacture goods and monitor critical infrastructure, this is more than a thought; it’s a reality. Securing Operational Technology (OT) environments is beyond the purview of most IT security teams for many reasons, including lack of OT expertise, monitoring complexity, and budget, to name a few.
Regardless, many security teams are being pressured to monitor and secure their OT environments, leaving security decision-makers, who typically are not OT experts, seeking solutions they can implement quickly to take on this new challenge. Understanding that these added tasks do not come with a significant increase in budget or the ability to add staff with OT expertise to their teams, many security managers need to think outside the box when securing this new environment. Of course, with unlimited resources and budget, you could go the best-of-breed route and build a world-class OT security stack managed by OT security ninjas, but that is not the case for 99% of the world.
For those people who need to watch every penny and minute, here are the four must-haves for securing an OT environment.
- Single Platform: There is little chance you have the budget or human resources to deploy an OT-specific security platform into your team. You must find an IT security platform to support your IT and OT environments. The platform should allow the collection and processing of IT and OT data sources together, allowing your team to maintain line-of-sight visibility across your organization.
- Agentless: Before signing on the dotted line for that single platform we discussed, you need to discuss with the vendor how they address the fact that in most OT environments, you cannot deploy agents typically used in IT environments. If they do not have an answer to that question, move on. Not having an agentless solution indicates they are overstating their ability to work with OT environments. A vendor needs to provide you with the ability to deploy hardware into the OT environment to collect and potentially analyze data in-line or out-of-band, which doesn’t require adding any software to the machinery in the OT environment.
- Detections: Assuming the vendor successfully moves past points 1 and 2, the next must-have is a demonstrable knowledge of the threats you will face in your IT and OT environments. The knowledge gap is part of the challenge for IT security teams when securing OT environments, so the vendor must fill this gap to meet your needs. A good vendor will provide a list of OT-specific threats they can identify and, ideally, a vision for future advancements in their OT-specific threat detection capabilities. Without this embedded knowledge and the vendor’s commitment to continuous improvement, you will, over time, see your ability to catch new OT threats wane.
- Deployment: OT environments are like snowflakes; no two are the same. Given that these environments often include outdated hardware and specific restrictions on how data flows across the environment, you may face a situation where the answer given to point 2 is impossible in your environment. Again, a vendor serious about securing OT environments will know these scenarios can arise and either have in-house technology to address these cases or establish partnerships with technology vendors who can provide the necessary components. For example, Garland Technology specializes in delivering network visibility tools that meet the requirements of these diverse OT environments.
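To make points 1 through 3 concrete, here is an added example (not code from the article, from Garland Technology, or from any vendor) of what a single-platform, agentless detection looks like in practice: IT authentication logs and OT traffic observed passively from a network tap or SPAN port are parsed into one timeline, Modbus write function codes from a host that is not on the engineering-workstation allowlist raise an alert, and an alert is escalated when the same host had a successful remote login shortly before. The log line format, the IP addresses, the allowlist, and the ten-minute correlation window are all constructed assumptions for the example; the Modbus write function codes are the standard ones from the public protocol specification.

```python
"""Passive IT+OT detection over one timeline (added example, constructed data)."""
from datetime import datetime, timedelta, timezone

# Modbus function codes that change PLC state (standard codes: write coil(s)/register(s))
MODBUS_WRITE_FCS = {5, 6, 15, 16, 23}

# Constructed baseline: which hosts are allowed to write to which PLCs.
# In practice this comes from the asset inventory, not from hard-coded values.
WRITE_ALLOWLIST = {
    "10.20.5.10": {"10.20.1.50"},   # PLC <- engineering workstation
    "10.20.5.11": {"10.20.1.50"},
}

# Constructed sample telemetry: "auth" lines come from IT logs, "modbus" lines
# from a tap/SPAN feed. No agent runs on the PLCs to produce these.
SAMPLE_LOGS = """\
2024-03-01T07:58:30Z auth user=vendor-tech host=10.20.1.77 method=vpn result=success
2024-03-01T08:00:01Z modbus src=10.20.1.50 dst=10.20.5.10 fc=3
2024-03-01T08:00:02Z modbus src=10.20.1.50 dst=10.20.5.10 fc=16
2024-03-01T08:03:15Z modbus src=10.20.1.77 dst=10.20.5.10 fc=3
2024-03-01T08:03:16Z modbus src=10.20.1.77 dst=10.20.5.11 fc=6
2024-03-01T08:10:00Z modbus src=10.20.1.90 dst=10.20.5.11 fc=5
""".splitlines()


def parse_line(line):
    """Parse '<timestamp> <kind> key=value ...' into a dict with a UTC datetime."""
    ts_str, kind, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "kind": kind, **fields}


def detect(lines, correlation_window=timedelta(minutes=10)):
    """Return alerts for PLC writes from non-allowlisted hosts.

    Severity is raised to 'high' when the writing host had a successful
    remote login within `correlation_window` before the write, and the
    login's user name is attached so the analyst can follow up.
    """
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    logins = [e for e in events if e["kind"] == "auth" and e.get("result") == "success"]
    alerts = []
    for e in events:
        if e["kind"] != "modbus":
            continue
        fc = int(e["fc"])
        if fc not in MODBUS_WRITE_FCS:
            continue                      # reads/diagnostics are not state changes
        if e["src"] in WRITE_ALLOWLIST.get(e["dst"], set()):
            continue                      # expected engineering traffic
        alert = {
            "ts": e["ts"].isoformat(),
            "src": e["src"], "dst": e["dst"], "fc": fc,
            "severity": "medium", "user": None,
        }
        for login in logins:
            delta = e["ts"] - login["ts"]
            if login["host"] == e["src"] and timedelta(0) <= delta <= correlation_window:
                alert["severity"] = "high"
                alert["user"] = login["user"]
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(a)
```

Run as-is, the sample produces two alerts: a high-severity write to 10.20.5.11 from 10.20.1.77 tied to the vendor-tech VPN login a few minutes earlier, and a medium-severity write from 10.20.1.90 with no IT-side context. The engineering workstation's write (fc=16) and the read (fc=3) are ignored. The point of the combined timeline is the escalation step: neither the IT log nor the OT feed alone says anything about the other.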
OT environments are behind everything we use daily. We rely on these organizations to deliver what we need, and keeping these environments secure is how people keep getting it. While this adds more work to an already stretched security team, following these guidelines can make it easier. Your security team will thank you.