For years, industrial systems were manually managed and monitored, far from connections to the outside world and inaccessible to hackers.
Without an exposed network interface, systems were almost insignificant targets to attack or breach.
With the advent of Industry 4.0, the story changed and industrial systems became the favorite victims of cyber attacks.
What does the advent of Industry 4.0 entail?
The network integrations and connections introduced to optimize OT processes and reduce operating costs have led, often without anyone deciding it, to a unification of infrastructure and systems, and the volume of data exchanged between IT and OT departments has become enormous.
It is here that IT-OT convergence offers organizations improved processes but also increased exposure to risk, raising their vulnerability to cyber attacks. A big problem is that, faced with this evolution, a growing number of IT security professionals have suddenly found themselves managing the security program for both areas, and many don't even know where to start.
Therefore, the most visionary and forward-thinking organizations are looking for ways to get the Information and Operational Technology departments communicating.
Let’s start from the beginning. What are the main differences between the IT and OT worlds?
An IT device has expandable computing power and memory; its network traffic is significant in terms of bandwidth and tolerates sporadic delays. When an IT system fails, the loss is measured in business terms.
The life cycle of a hardware component is around 5 years.
Conversely, devices in the OT world have limited computing and memory capabilities. In addition, delays in OT communication are not acceptable since real-time operations are managed. Given the critical nature of OT-controlled systems, failure to function becomes a possible hazard to the surrounding property and people.
The life cycle of an OT hardware component is more than 15 years, and for this reason such systems, which should never be exposed on the Internet, are extremely vulnerable to cyber attacks when they are.
OT security trends
In contrast to the IT world, the communication protocols used by OT technologies are not designed to provide cyber security and are predominantly unencrypted. Nowadays, thanks to the increasing computational capacity of OT devices, the trend is changing and people are starting to use more secure and encrypted protocols.
IT and OT convergence has become concrete. Gone are the days when OT was isolated: IT devices account for about half of what is in an OT environment, making it almost impossible to draw a clear line between the two realms.
However, it is undeniable that the IT and OT environments have been constructed differently, and it is important, for the purpose of understanding how the two worlds can communicate effectively, to recognize some of the characteristics that differentiate them:
- For the IT world, data is the main asset, so it is logical that the biggest security fear is a network breach leading to damage to data integrity, data exfiltration or a total access block for the organization.
- In contrast, OT environments are inherently more physically dangerous, so we face the risk of an accident disrupting critical operations and endangering the safety of employees, and sometimes even people or property outside the company.
Accordingly, the goal is to manage the environment in an always-on configuration.
In light of this, it should come as no surprise that the priorities of OT and IT security groups and their reactions to attacks are at the opposite ends of the spectrum, even within the same organization.
While in IT security the priority is C-I-A (Confidentiality, Integrity, Availability), in the OT world the perspective is diametrically opposed, with priorities changing to A-I-C (Availability, Integrity, Confidentiality).
As mentioned earlier, for IT security, data is absolutely the most important thing, so ensuring its confidentiality and integrity will supersede availability every time.
But in the safety-conscious OT world, operations must be available at all times to ensure that the environment runs smoothly and without failures that could lead to catastrophe.
In the event of an attack, the IT world goes into quarantine, shutting down affected systems as quickly as possible in an effort to contain the damage and minimize data loss.
In contrast, OT takes the opposite approach, keeping the critical infrastructure running at all times. The only exception to this strategy, of course, is when the attack causes a malfunction of OT devices that impacts the health of people, whether inside or outside the company.
Understanding the needs of the other department
The biggest challenge the IT world probably faces in securing the OT world is having to cope with different tools, proprietary protocols and systems with different life cycles, all of which limit or prevent a direct dialogue between the two environments; it is also not uncommon to encounter out-of-support systems or obsolete operating system versions.
Cyber security as a common language
A common goal of the IT and OT departments can be found in securing the critical assets of their respective networks. The search for vulnerabilities is the point of contact between the two departments, but the tools used to look for them need to be adapted to each department.
In fact, the visibility of an OT facility and an accurate inventory of systems form the basis for being able to build a Security strategy.
Tenable.ot is a tool designed specifically for OT environments that addresses these needs by combining a passive approach, network flow analysis to identify possible anomalies, with an active one.
Tenable Active query, a proprietary technology, communicates with sensitive OT controllers and devices using their native protocols, in exactly the same way that vendors themselves communicate with devices during routine system operations.
This technology provides a secure and reliable method of asking devices for specific configuration parameters, firmware versions, and other relevant metadata.
This provides much more accurate and detailed information about the OT environment than can be inferred from passive network monitoring alone. In addition, it makes it possible to identify devices that do not communicate on the network and would otherwise remain unknown.
The information from the Active query part also allows for the validation of the vulnerabilities present on each device, and makes it possible to prioritize them using the Vulnerability Prioritization Rating (VPR) developed by Tenable Research.
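The inventory gap between passive flow analysis and active querying described above, as an added example that is not code from the original article or from Tenable: it builds a passive inventory from constructed flow records, classifies the cleartext OT protocols seen by their well-known TCP ports, and lists the registered assets that never appear on the wire (only an active query could confirm those) and the devices on the wire that are missing from the register. The flow records, asset register and addresses are all constructed for the example.

```python
"""Passive OT asset inventory from flow records, and what passive monitoring misses."""
from collections import defaultdict

# Well-known TCP ports of common OT protocols; on these ports they run in cleartext.
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed flow records (src, dst, dst_port): what a passive sensor would observe.
FLOWS = """\
10.10.1.20,10.10.2.5,502
10.10.1.20,10.10.2.6,502
10.10.1.21,10.10.2.7,102
10.10.1.20,10.10.2.8,44818
10.10.1.30,10.10.1.31,443
"""

# Constructed asset register: what the plant engineers believe is installed.
REGISTER = {
    "10.10.2.5": "PLC line A", "10.10.2.6": "PLC line B", "10.10.2.7": "S7 PLC",
    "10.10.2.8": "EtherNet/IP drive", "10.10.2.9": "spare PLC (powered, idle)",
    "10.10.1.20": "SCADA server", "10.10.1.21": "engineering workstation",
}

def parse_flows(text):
    """Parse 'src,dst,dport' lines into (src, dst, int port) tuples."""
    return [(s, d, int(p)) for s, d, p in (ln.split(",") for ln in text.strip().splitlines())]

def passive_inventory(flows):
    """Map every address seen on the wire to the set of protocols it took part in."""
    seen = defaultdict(set)
    for src, dst, dport in flows:
        proto = OT_PORTS.get(dport, f"tcp/{dport}")
        seen[src].add(proto)
        seen[dst].add(proto)
    return dict(seen)

def cleartext_ot_devices(inventory):
    """Addresses that spoke at least one unencrypted OT protocol."""
    return sorted(ip for ip, protos in inventory.items() if protos & set(OT_PORTS.values()))

def silent_assets(inventory, register):
    """Registered assets with no observed traffic: invisible to passive analysis alone."""
    return sorted(ip for ip in register if ip not in inventory)

def unregistered_devices(inventory, register):
    """Devices seen on the wire that the asset register does not know about."""
    return sorted(ip for ip in inventory if ip not in register)

if __name__ == "__main__":
    inv = passive_inventory(parse_flows(FLOWS))
    for ip in silent_assets(inv, REGISTER):
        print(f"{ip} ({REGISTER[ip]}): no traffic seen, needs active query")
    for ip in unregistered_devices(inv, REGISTER):
        print(f"{ip}: on the network but not in the register ({', '.join(inv[ip])})")
```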
And last but not least, the real challenge is to merge all disparate data, from two completely different environments, into a single dashboard so that all resources can be visualized and all security issues can be prioritized across the entire attack surface.
Tenable, through its native integrations, can give centralized visibility of the IT/OT risk and a single point of access with all information, all assets, the entire attack surface.
This contribution has been made in collaboration with TENABLE.