
Critical infrastructure protection: a blueprint for private entities

Feb. 27, 2023

By Daniel Bren, co-founder & CEO, OTORIO

The United States Government Accountability Office (GAO) recently urged three federal agencies (Department of Homeland Security and Transportation, Energy, and Health and Human Services) to improve the protection of critical-infrastructure sectors through cybersecurity assessments. However, none of the agencies has done so, nor has any of them developed metrics to assess the effectiveness of these initiatives.

The US critical-infrastructure sectors are heavily dependent on the Internet of Things (IoT) and on connected OT devices and systems that carry a high risk of cyber-attack. These federal agencies are a clear example of how far we still need to go to improve OT security. If even highly advanced government agencies have issues, private entities are at greater risk than they may realize.

The good news is that manufacturers can protect their networks by taking the steps that I outline here.

Develop an integrated security strategy

In the face of mounting risks, it is crucial that organizations anchor security efforts to operational resilience by adopting a joint-governance model spanning IT and cyber-physical systems (OT, IoT, and IIoT).

The silos dividing security domains (cybersecurity, physical security, supply chain security, etc.) create vulnerabilities that bad actors can exploit. A unified, comprehensive, and enterprise-wide security strategy can help to triage and address digital-security threats faster and with greater reliability. By implementing a zero-trust approach to OT security, practitioners can continuously mitigate risks and safeguard the operational environment based on a single source of truth—a single, authoritative, and trusted source of information or data that is used as a reference point.

Integrate tools and automation

Organizations should also integrate tools and automation to address the dynamic nature of threats and unique security challenges of OT systems. These systems are often critical to the operation of industrial processes, so it is essential to protect them from threats such as cyber-attacks. Automated security tools can help identify and respond to these threats.

Conduct continuous risk assessments

Conducting ongoing risk assessments to identify hazards is crucial for maintaining the safety and security of OT environments. If an organization understands the strengths and weaknesses of its OT-cybersecurity posture, it can better create a plan to improve upon it. This includes baselining the network design and assets, testing penetration resilience, and using risk-assessment solutions to audit assets across multiple sites. These methods can prioritize risk based on operational context and provide recommendations and playbooks to enhance the overall OT-security posture.

Go beyond asset visibility

Organizations should get a comprehensive view of their operational processes and infrastructure for effective OT security. This can be achieved through advanced asset visibility, which involves gathering, coordinating, and analyzing data from various security and industrial sources within the environment, such as IDS, firewall, EDR, PLC, DCS, SCADA, engineering systems, and more.
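The two practices described above, baselining assets during a risk assessment and correlating observations from several sources for asset visibility, come down to one mechanic: merge what each source reports, compare the merged view against an approved baseline, and rank the deviations by operational context. The script below is an added illustration of that mechanic; it is not OTORIO's code or part of the original article. The source names, log format, network addresses, zones and priority weights are all constructed assumptions.

```python
"""Correlate asset observations from several OT/IT sources against an
approved baseline and rank the deviations by operational context.

All sample data here is constructed for illustration. The source names,
zones and priority scores are assumptions, not any product's schema.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

# --- Constructed observations from four hypothetical sources ---------------
IDS_PASSIVE = [  # (ip, protocol) pairs seen by a passive ICS IDS
    ("10.1.1.10", "modbus"),
    ("10.1.1.11", "s7comm"),
    ("10.1.1.50", "modbus"),   # not in the baseline at all
    ("10.1.2.20", "opcua"),
]
PLC_INVENTORY = ["10.1.1.10"]           # engineering-workstation export
EDR_AGENTS = ["10.1.2.20", "10.1.3.5"]  # hosts reporting an EDR agent
FIREWALL_LOG = [  # constructed syslog-style lines
    "Mar 1 10:00:01 fw1 ALLOW src=10.1.3.5 dst=10.1.1.10 dport=502",
    "Mar 1 10:00:02 fw1 DENY src=10.1.1.50 dst=10.1.2.20 dport=4840",
    "Mar 1 10:00:03 fw1 ALLOW src=10.1.2.20 dst=10.1.1.11 dport=102",
]

# Approved baseline: which sources *should* report each asset, plus the
# operational context used to prioritise findings (higher = more critical).
BASELINE = {
    "10.1.1.10": {"name": "PLC-Line1", "zone": "L1-control", "criticality": 3,
                  "expected": {"ids", "plc_inventory"}},
    "10.1.1.11": {"name": "PLC-Line2", "zone": "L1-control", "criticality": 3,
                  "expected": {"ids", "plc_inventory"}},
    "10.1.2.20": {"name": "HMI-1", "zone": "L2-supervisory", "criticality": 2,
                  "expected": {"ids", "edr", "firewall"}},
    "10.1.3.5": {"name": "EWS-1", "zone": "L3-ops", "criticality": 2,
                 "expected": {"edr", "firewall"}},
    "10.1.3.9": {"name": "Historian", "zone": "L3-ops", "criticality": 1,
                 "expected": {"edr", "firewall"}},  # never observed below
}

FW_SRC = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_firewall_sources(lines: List[str]) -> Set[str]:
    """Extract the source IPs from the constructed firewall log lines."""
    found: Set[str] = set()
    for line in lines:
        m = FW_SRC.search(line)
        if m:
            found.add(m.group(1))
    return found


def build_inventory() -> Dict[str, Set[str]]:
    """Map each observed IP to the set of sources that reported it."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for ip, _proto in IDS_PASSIVE:
        seen[ip].add("ids")
    for ip in PLC_INVENTORY:
        seen[ip].add("plc_inventory")
    for ip in EDR_AGENTS:
        seen[ip].add("edr")
    for ip in parse_firewall_sources(FIREWALL_LOG):
        seen[ip].add("firewall")
    return dict(seen)


def assess(inventory: Dict[str, Set[str]], baseline: dict) -> List[dict]:
    """Compare the merged inventory with the baseline and rank deviations.

    Three deviation types are reported:
      unknown_asset  - observed but absent from the baseline (highest priority)
      missing_source - baselined asset not seen by a source that should see it
      not_observed   - baselined asset that no source reports at all
    """
    findings = []
    for ip, sources in inventory.items():
        entry = baseline.get(ip)
        if entry is None:
            findings.append({"ip": ip, "finding": "unknown_asset",
                             "detail": sorted(sources), "priority": 5})
            continue
        missing = entry["expected"] - sources
        if missing:
            findings.append({"ip": ip, "finding": "missing_source",
                             "detail": sorted(missing),
                             "priority": entry["criticality"]})
    for ip, entry in baseline.items():
        if ip not in inventory:
            findings.append({"ip": ip, "finding": "not_observed",
                             "detail": entry["name"],
                             "priority": entry["criticality"]})
    # Most critical first; IP as a stable tie-breaker.
    findings.sort(key=lambda f: (-f["priority"], f["ip"]))
    return findings


if __name__ == "__main__":
    for f in assess(build_inventory(), BASELINE):
        print(f"[P{f['priority']}] {f['ip']:<12} {f['finding']:<15} {f['detail']}")
```

On the constructed data the unknown device speaking Modbus in the control zone ranks first, the controller that the IDS sees but the engineering inventory does not know about ranks next, and the historian that no source reports ranks last. In a real deployment the four lists would be pulled from the corresponding systems on a schedule, and the baseline would be the artefact a risk assessment signs off on.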

Develop OT-tailored mitigation playbooks

Having clear, actionable playbooks for incident response and mitigation helps OT security professionals to quickly and efficiently address security incidents and mitigate impact on critical industrial processes. Automated, context-specific playbooks presented in an easy-to-follow manner can significantly improve mean-time-to-respond (MTTR) and minimize the disruption caused by security incidents.

The GAO is clearly concerned about the cybersecurity posture of the nation’s critical-infrastructure sectors. However, the lack of action by relevant federal agencies highlights the need for private entities to take responsibility for their own OT security.

Private entities must adopt an integrated security strategy, incorporate tools and automation, conduct continuous risk assessments, go beyond asset visibility and develop OT-tailored mitigation playbooks. By taking these steps, they can better protect their networks and operations against cyber-threats and improve their overall OT-security posture. As the threat landscape continues to evolve, it is critical that private businesses remain vigilant in their efforts to safeguard their critical infrastructure.